Webserver/Apache/FineTuningSSL

De TartareFR
Aller à la navigation Aller à la recherche

Fine Tuning Apache

On s'assure que le KeepAlive est bien activé. La négotiation SSL ne sera donc effective qu'à la première connexion et le résultat réutilisé dans les connexions suivantes. 

openssl s_client -connect didier.dnsdynamic.net:443 -state -reconnect
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...

Ajout d'un header pour autoriser la mise en cache des images, des feuilles de style, etc...). Par défaut, lorsque le protocole HTTPS est utilisé, aucune mise en cache n'est effectué. 

<filesMatch ".(js|css|png|jpeg|jpg|gif|ico|svg|tiff|pov|inc|ttf|hdr|pdf|zip)$">
   Header set Cache-Control "max-age=31536000, public" 
</filesMatch>

Benchmark SSL

On lance le benchmark intégré à l'utilitaire <app>openssl</app> 

openssl speed

Doing md2 for 3s on 16 size blocks: 480533 md2's in 2.76s
Doing md2 for 3s on 64 size blocks: 248735 md2's in 2.72s
Doing md2 for 3s on 256 size blocks: 90380 md2's in 2.91s
Doing md2 for 3s on 1024 size blocks: 23222 md2's in 2.72s
Doing md2 for 3s on 8192 size blocks: 3220 md2's in 2.92s
Doing md4 for 3s on 16 size blocks: 6473479 md4's in 2.70s
Doing md4 for 3s on 64 size blocks: 5766000 md4's in 2.92s
Doing md4 for 3s on 256 size blocks: 3820475 md4's in 2.98s
Doing md4 for 3s on 1024 size blocks: 1503116 md4's in 2.84s
Doing md4 for 3s on 8192 size blocks: 245328 md4's in 2.99s
Doing md5 for 3s on 16 size blocks: 5262819 md5's in 2.99s
Doing md5 for 3s on 64 size blocks: 4201987 md5's in 2.95s
Doing md5 for 3s on 256 size blocks: 2566728 md5's in 2.93s
Doing md5 for 3s on 1024 size blocks: 1036718 md5's in 2.99s
Doing md5 for 3s on 8192 size blocks: 157089 md5's in 2.98s
Doing hmac(md5) for 3s on 16 size blocks: 4321328 hmac(md5)'s in 2.94s
Doing hmac(md5) for 3s on 64 size blocks: 3641866 hmac(md5)'s in 2.96s
Doing hmac(md5) for 3s on 256 size blocks: 2356221 hmac(md5)'s in 2.98s
Doing hmac(md5) for 3s on 1024 size blocks: 979856 hmac(md5)'s in 2.98s
Doing hmac(md5) for 3s on 8192 size blocks: 143157 hmac(md5)'s in 2.75s
Doing sha1 for 3s on 16 size blocks: 6098971 sha1's in 2.92s
Doing sha1 for 3s on 64 size blocks: 4217930 sha1's in 2.88s
Doing sha1 for 3s on 256 size blocks: 2225074 sha1's in 2.80s
Doing sha1 for 3s on 1024 size blocks: 798067 sha1's in 2.84s
Doing sha1 for 3s on 8192 size blocks: 119383 sha1's in 2.98s
Doing sha256 for 3s on 16 size blocks: 5071910 sha256's in 2.93s
Doing sha256 for 3s on 64 size blocks: 2890601 sha256's in 2.96s
Doing sha256 for 3s on 256 size blocks: 1258903 sha256's in 2.99s
Doing sha256 for 3s on 1024 size blocks: 366837 sha256's in 2.83s
Doing sha256 for 3s on 8192 size blocks: 51479 sha256's in 2.98s
Doing sha512 for 3s on 16 size blocks: 4061522 sha512's in 2.96s
Doing sha512 for 3s on 64 size blocks: 4086077 sha512's in 2.95s
Doing sha512 for 3s on 256 size blocks: 1595361 sha512's in 2.99s
Doing sha512 for 3s on 1024 size blocks: 516710 sha512's in 2.73s
Doing sha512 for 3s on 8192 size blocks: 79530 sha512's in 2.95s
Doing whirlpool for 3s on 16 size blocks: 2293878 whirlpool's in 2.92s
Doing whirlpool for 3s on 64 size blocks: 1194872 whirlpool's in 2.81s
Doing whirlpool for 3s on 256 size blocks: 507505 whirlpool's in 2.86s
Doing whirlpool for 3s on 1024 size blocks: 131641 whirlpool's in 2.47s
Doing whirlpool for 3s on 8192 size blocks: 20610 whirlpool's in 2.92s
Doing rmd160 for 3s on 16 size blocks: 4068361 rmd160's in 2.95s
Doing rmd160 for 3s on 64 size blocks: 2700443 rmd160's in 2.99s
Doing rmd160 for 3s on 256 size blocks: 1251383 rmd160's in 2.95s
Doing rmd160 for 3s on 1024 size blocks: 403206 rmd160's in 2.96s
Doing rmd160 for 3s on 8192 size blocks: 55752 rmd160's in 2.99s
Doing rc4 for 3s on 16 size blocks: 49264969 rc4's in 2.94s
Doing rc4 for 3s on 64 size blocks: 16738466 rc4's in 2.97s
Doing rc4 for 3s on 256 size blocks: 4603203 rc4's in 2.98s
Doing rc4 for 3s on 1024 size blocks: 1178228 rc4's in 2.98s
Doing rc4 for 3s on 8192 size blocks: 149230 rc4's in 2.99s
Doing des cbc for 3s on 16 size blocks: 8652741 des cbc's in 2.98s
Doing des cbc for 3s on 64 size blocks: 2226409 des cbc's in 2.88s
Doing des cbc for 3s on 256 size blocks: 563720 des cbc's in 2.88s
Doing des cbc for 3s on 1024 size blocks: 140114 des cbc's in 2.86s
Doing des cbc for 3s on 8192 size blocks: 18196 des cbc's in 2.96s
Doing des ede3 for 3s on 16 size blocks: 3368656 des ede3's in 2.87s
Doing des ede3 for 3s on 64 size blocks: 892544 des ede3's in 2.98s
Doing des ede3 for 3s on 256 size blocks: 224268 des ede3's in 2.96s
Doing des ede3 for 3s on 1024 size blocks: 53786 des ede3's in 2.85s
Doing des ede3 for 3s on 8192 size blocks: 7106 des ede3's in 3.00s
Doing aes-128 cbc for 3s on 16 size blocks: 11360527 aes-128 cbc's in 2.95s
Doing aes-128 cbc for 3s on 64 size blocks: 3070752 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 784164 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 1024 size blocks: 458966 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 8192 size blocks: 58356 aes-128 cbc's in 3.00s
Doing aes-192 cbc for 3s on 16 size blocks: 9830270 aes-192 cbc's in 3.00s
Doing aes-192 cbc for 3s on 64 size blocks: 2407288 aes-192 cbc's in 2.80s
Doing aes-192 cbc for 3s on 256 size blocks: 654198 aes-192 cbc's in 2.97s
Doing aes-192 cbc for 3s on 1024 size blocks: 385829 aes-192 cbc's in 2.94s
Doing aes-192 cbc for 3s on 8192 size blocks: 49649 aes-192 cbc's in 2.99s
Doing aes-256 cbc for 3s on 16 size blocks: 8474935 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 64 size blocks: 2229546 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 256 size blocks: 564784 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 1024 size blocks: 312823 aes-256 cbc's in 2.73s
Doing aes-256 cbc for 3s on 8192 size blocks: 42702 aes-256 cbc's in 2.95s
Doing aes-128 ige for 3s on 16 size blocks: 10145976 aes-128 ige's in 2.75s
Doing aes-128 ige for 3s on 64 size blocks: 2693650 aes-128 ige's in 2.76s
Doing aes-128 ige for 3s on 256 size blocks: 748500 aes-128 ige's in 2.98s
Doing aes-128 ige for 3s on 1024 size blocks: 155436 aes-128 ige's in 2.48s
Doing aes-128 ige for 3s on 8192 size blocks: 23603 aes-128 ige's in 2.99s
Doing aes-192 ige for 3s on 16 size blocks: 9486330 aes-192 ige's in 3.00s
Doing aes-192 ige for 3s on 64 size blocks: 2491174 aes-192 ige's in 3.00s
Doing aes-192 ige for 3s on 256 size blocks: 629197 aes-192 ige's in 2.98s
Doing aes-192 ige for 3s on 1024 size blocks: 151423 aes-192 ige's in 2.86s
Doing aes-192 ige for 3s on 8192 size blocks: 19864 aes-192 ige's in 2.99s
Doing aes-256 ige for 3s on 16 size blocks: 7704436 aes-256 ige's in 2.79s
Doing aes-256 ige for 3s on 64 size blocks: 1917344 aes-256 ige's in 2.67s
Doing aes-256 ige for 3s on 256 size blocks: 536777 aes-256 ige's in 2.94s
Doing aes-256 ige for 3s on 1024 size blocks: 136003 aes-256 ige's in 2.96s
Doing aes-256 ige for 3s on 8192 size blocks: 16988 aes-256 ige's in 2.97s
Doing ghash for 3s on 16 size blocks: 29042068 ghash's in 2.97s
Doing ghash for 3s on 64 size blocks: 10974768 ghash's in 2.98s
Doing ghash for 3s on 256 size blocks: 3089265 ghash's in 2.97s
Doing ghash for 3s on 1024 size blocks: 771274 ghash's in 2.83s
Doing ghash for 3s on 8192 size blocks: 102266 ghash's in 2.97s
Doing camellia-128 cbc for 3s on 16 size blocks: 13505613 camellia-128 cbc's in 2.91s
Doing camellia-128 cbc for 3s on 64 size blocks: 5200705 camellia-128 cbc's in 2.99s
Doing camellia-128 cbc for 3s on 256 size blocks: 1504662 camellia-128 cbc's in 2.99s
Doing camellia-128 cbc for 3s on 1024 size blocks: 385489 camellia-128 cbc's in 2.99s
Doing camellia-128 cbc for 3s on 8192 size blocks: 48099 camellia-128 cbc's in 2.99s
Doing camellia-192 cbc for 3s on 16 size blocks: 11572330 camellia-192 cbc's in 2.93s
Doing camellia-192 cbc for 3s on 64 size blocks: 4145797 camellia-192 cbc's in 2.92s
Doing camellia-192 cbc for 3s on 256 size blocks: 1140179 camellia-192 cbc's in 2.95s
Doing camellia-192 cbc for 3s on 1024 size blocks: 299740 camellia-192 cbc's in 2.99s
Doing camellia-192 cbc for 3s on 8192 size blocks: 37869 camellia-192 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 16 size blocks: 11881552 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 64 size blocks: 4158577 camellia-256 cbc's in 2.98s
Doing camellia-256 cbc for 3s on 256 size blocks: 1135120 camellia-256 cbc's in 2.98s
Doing camellia-256 cbc for 3s on 1024 size blocks: 296944 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 8192 size blocks: 37743 camellia-256 cbc's in 2.99s
Doing idea cbc for 3s on 16 size blocks: 8169944 idea cbc's in 2.89s
Doing idea cbc for 3s on 64 size blocks: 2276043 idea cbc's in 2.99s
Doing idea cbc for 3s on 256 size blocks: 581814 idea cbc's in 3.00s
Doing idea cbc for 3s on 1024 size blocks: 139839 idea cbc's in 2.87s
Doing idea cbc for 3s on 8192 size blocks: 18267 idea cbc's in 2.99s
Doing seed cbc for 3s on 16 size blocks: 10166798 seed cbc's in 2.98s
Doing seed cbc for 3s on 64 size blocks: 2532767 seed cbc's in 2.90s
Doing seed cbc for 3s on 256 size blocks: 657312 seed cbc's in 2.98s
Doing seed cbc for 3s on 1024 size blocks: 164398 seed cbc's in 2.99s
Doing seed cbc for 3s on 8192 size blocks: 20200 seed cbc's in 2.93s
Doing rc2 cbc for 3s on 16 size blocks: 3999416 rc2 cbc's in 2.61s
Doing rc2 cbc for 3s on 64 size blocks: 1129754 rc2 cbc's in 2.82s
Doing rc2 cbc for 3s on 256 size blocks: 277568 rc2 cbc's in 2.74s
Doing rc2 cbc for 3s on 1024 size blocks: 75246 rc2 cbc's in 2.94s
Doing rc2 cbc for 3s on 8192 size blocks: 9591 rc2 cbc's in 3.00s
Doing blowfish cbc for 3s on 16 size blocks: 15025439 blowfish cbc's in 2.98s
Doing blowfish cbc for 3s on 64 size blocks: 4132612 blowfish cbc's in 2.99s
Doing blowfish cbc for 3s on 256 size blocks: 1054180 blowfish cbc's in 2.99s
Doing blowfish cbc for 3s on 1024 size blocks: 266516 blowfish cbc's in 2.99s
Doing blowfish cbc for 3s on 8192 size blocks: 33422 blowfish cbc's in 3.00s
Doing cast cbc for 3s on 16 size blocks: 13097269 cast cbc's in 2.98s
Doing cast cbc for 3s on 64 size blocks: 3398758 cast cbc's in 2.86s
Doing cast cbc for 3s on 256 size blocks: 869601 cast cbc's in 2.87s
Doing cast cbc for 3s on 1024 size blocks: 214478 cast cbc's in 2.81s
Doing cast cbc for 3s on 8192 size blocks: 28056 cast cbc's in 2.94s
Doing 512 bit private rsa's for 10s: 81260 512 bit private RSA's in 9.64s
Doing 512 bit public rsa's for 10s: 1087087 512 bit public RSA's in 9.01s
Doing 1024 bit private rsa's for 10s: 23512 1024 bit private RSA's in 8.89s
Doing 1024 bit public rsa's for 10s: 424719 1024 bit public RSA's in 9.24s
Doing 2048 bit private rsa's for 10s: 4104 2048 bit private RSA's in 9.32s
Doing 2048 bit public rsa's for 10s: 130323 2048 bit public RSA's in 9.20s
Doing 4096 bit private rsa's for 10s: 590 4096 bit private RSA's in 9.58s
Doing 4096 bit public rsa's for 10s: 33981 4096 bit public RSA's in 8.85s
Doing 512 bit sign dsa's for 10s: 86990 512 bit DSA signs in 9.11s
Doing 512 bit verify dsa's for 10s: 92304 512 bit DSA verify in 8.96s
Doing 1024 bit sign dsa's for 10s: 42349 1024 bit DSA signs in 9.65s
Doing 1024 bit verify dsa's for 10s: 36494 1024 bit DSA verify in 8.98s
Doing 2048 bit sign dsa's for 10s: 13189 2048 bit DSA signs in 9.19s
Doing 2048 bit verify dsa's for 10s: 11364 2048 bit DSA verify in 9.39s
Doing 256 bit sign ecdsa's for 10s: 46639 256 bit ECDSA signs in 9.61s 
Doing 256 bit verify ecdsa's for 10s: 10881 256 bit ECDSA verify in 9.24s
Doing 384 bit sign ecdsa's for 10s: 23280 384 bit ECDSA signs in 9.35s 
Doing 384 bit verify ecdsa's for 10s: 5045 384 bit ECDSA verify in 9.33s
Doing 521 bit sign ecdsa's for 10s: 13169 521 bit ECDSA signs in 9.60s 
Doing 521 bit verify ecdsa's for 10s: 2367 521 bit ECDSA verify in 8.88s
Doing 256 bit  ecdh's for 10s: 11920 256-bit ECDH ops in 8.43s
Doing 384 bit  ecdh's for 10s: 5582 384-bit ECDH ops in 8.70s
Doing 521 bit  ecdh's for 10s: 2750 521-bit ECDH ops in 8.75s
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr  8 00:32:22 UTC 2014
options:bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) 
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches  -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2               2785.70k     5852.59k     7950.96k     8742.40k     9033.64k
mdc2                 0.00         0.00         0.00         0.00         0.00 
md4              38361.36k   126378.08k   328201.88k   541968.59k   672149.49k
md5              28162.24k    91161.75k   224260.19k   355049.91k   431836.61k
hmac(md5)        23517.43k    78743.05k   202413.62k   336702.20k   426451.69k
sha1             33419.02k    93731.78k   203435.34k   287753.74k   328183.07k
rmd160           22065.69k    57802.12k   108594.59k   139487.48k   152749.29k
rc4             268108.67k   360694.22k   395442.94k   404867.61k   408860.25k
des cbc          46457.67k    49475.76k    50108.44k    50166.69k    50358.66k
des ede3         18779.96k    19168.73k    19396.15k    19325.22k    19404.12k
idea cbc         45231.52k    48717.98k    49648.13k    49893.78k    50047.91k
seed cbc         54586.83k    55895.55k    56467.07k    56302.19k    56477.27k
rc2 cbc          24517.49k    25639.81k    25933.36k    26208.13k    26189.82k
rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00 
blowfish cbc     80673.50k    88457.25k    90257.55k    91275.04k    91264.34k
cast cbc         70320.91k    76056.12k    77567.20k    78158.53k    78175.09k
aes-128 cbc      61616.42k    65509.38k    67139.13k   157184.34k   159350.78k
aes-192 cbc      52428.11k    55023.73k    56388.78k   134383.98k   136028.30k
aes-256 cbc      45350.82k    47563.65k    48356.09k   117337.27k   118581.28k
camellia-128 cbc    74257.67k   111319.44k   128827.25k   132020.31k   131781.61k
camellia-192 cbc    63193.61k    90866.78k    98944.35k   102653.43k   103407.62k
camellia-256 cbc    63368.28k    89311.72k    97513.66k   101356.89k   103408.25k
sha256           27696.44k    62499.48k   107785.67k   132735.37k   141515.43k
sha512           21954.17k    88647.09k   136592.78k   193813.57k   220850.77k
whirlpool        12569.19k    27214.17k    45427.02k    54575.05k    57820.93k
aes-128 ige      59031.13k    62461.45k    64300.67k    64180.03k    64667.48k
aes-192 ige      50593.76k    53145.05k    54051.82k    54215.79k    54423.37k
aes-256 ige      44183.15k    45958.81k    46739.77k    47049.69k    46857.14k
ghash           156455.59k   235699.72k   266280.08k   279075.82k   282075.11k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000119s 0.000008s   8429.5 120653.4
rsa 1024 bits 0.000378s 0.000022s   2644.8  45965.3
rsa 2048 bits 0.002271s 0.000071s    440.3  14165.5
rsa 4096 bits 0.016237s 0.000260s     61.6   3839.7
                  sign    verify    sign/s verify/s
dsa  512 bits 0.000105s 0.000097s   9548.8  10301.8
dsa 1024 bits 0.000228s 0.000246s   4388.5   4063.9
dsa 2048 bits 0.000697s 0.000826s   1435.1   1210.2
                              sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0002s   0.0008s   4853.2   1177.6
 384 bit ecdsa (nistp384)   0.0004s   0.0018s   2489.8    540.7
 521 bit ecdsa (nistp521)   0.0007s   0.0038s   1371.8    266.6
                              op      op/s
 256 bit ecdh (nistp256)   0.0007s   1414.0
 384 bit ecdh (nistp384)   0.0016s    641.6
 521 bit ecdh (nistp521)   0.0032s    314.3
Récupérée de « https://wikiold.home.tartarefr.eu/index.php?title=Webserver/Apache/FineTuningSSL&oldid=2679 »