Https very slow since openbsd 6.1

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Https very slow since openbsd 6.1

Geraldo
Hello,
Recently I have implemented ssl on my VPS, 1G Ram, single core cpu at
vultr.
I tested various config, with httpd, then with nginx, with various
setups, from the most basic ones to some with quite some tweaks as ssl
stapling, http2, other cyphers and some more...., nothing ever changed.Now
the problem: my site is very fast when using http, when I use https speed
drops to something k=like 5 to 8 times slower of download speed compared
to when using a http connection.I thought this might be due to libressl,
so I tested a setup with openbsd 5.5, with nginx and a very basic .conf,
speed excellent with or without ssl.
Then tried a setup with  5.6, 5.8, 6.0(all amd64), all of them very fast
with nginx as well as httpd, ther is no noticeable speed difference
between using with or without encryption.
Then comes in openbsd 6.1 amd64, and now the same huge speed difference
between with or without encryption as  found on OpenBSD 6.4.Is there any
tweak I could test or is this just bad luck on my VPS or something else?
Speed goes down so badly you can notice it very clearly on photo gallery
but even on static html, site is kind of "slow" when using https.
Here is my very "basic" nginx.conf, :worker_processes  2;worker_rlimit_nofile
1024;events {
worker_connections  1024;
}http {
include       mime.types;
default_type  application/octet-stream;
index         index.html index.htm;server_tokens off;server {
listen       80;
server_name         guiadabahia.com   www.guiadabahia.com;
root                   /var/www/htdocs/;
}server {
listen                 443 ssl;
server_name           guiadabahia.com   www.guiadabahia.com;
root                      /var/www/htdocs/;
ssl_certificate        /etc/ssl/www_guiadabahia_com.crt;
ssl_certificate_key    /etc/ssl/private/www_guiadabahia_com.key; }
}
Any english errors I beg you pardon, I�m austrian, and sorry to take your
time.Kind regards
Gerhard Schweiger