[rabbitmq-discuss] Client connection to ssl rabbitMQ is very slow
carl.hoerberg at gmail.com
Thu Apr 5 08:10:15 BST 2012
the DHE key exchange algorithm is very computational intensive, so
make sure you disable it (http://matt.io/entry/ur)
this config allows only the AES 128 chiper with RSA (and not DHE) as
key exchange and SHA as hash algoritm (md5 is somewhat weaker but
for all options, see http://www.erlang.org/doc/man/ssl.html, as Emile said.
On Wed, Apr 4, 2012 at 12:43, Emile Joubert <emile at rabbitmq.com> wrote:
> On 02/04/12 15:26, Rabbit001 wrote:
>> I've follow the ssl configuration instructions in rabbitmq page
>> 'www.rabbitmq.com/ssl.html' to configure ssl access to rabbitmq server. I've
>> started rabbitmq server correctly and I've executed the example1 (sample
>> code for ssl java client) and the result is good, but the method
>> factory.newConnection() finish over 5sg. In the other hand, without ssl the
>> method factory.newConnection() finish in <200 ms.
>> How do i increasse the performance in the first scenario (ssl
>> configuration)? any idea?
> If your broker CPU has hardware support for certain ciphers and OpenSSL
> can make use of it then try to restrict the SSL connection to those
> ciphers, or to prioritise them. The "ciphers" SSL configuration option
> in the broker is one way of achieving that. For configuration details
> see http://www.erlang.org/doc/man/ssl.html
> You might also gain some useful insight by using an SSL traffic analyser
> such as "ssldump". If long gaps appear in the timeline then the output
> may help you to determine what is responsible for the delay.
> Do other SSL clients also take long to connect? Try using the "openssl
> s_client" option as described here:
> and check whether such connections also take long.
> Does the Java client take long to connect when the SSL layer is provided
> by a different SSL service? You can try this by connecting to the broker
> via stunnel, socat or similar.
> The last two questions may help you to focus on whether the problem lies
> on the client or server side.
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
More information about the rabbitmq-discuss