Benchmark of ssl's performance compared with nginx would be much appreciated!
Thanks very much :smile:
I can already tell you that nginx is going to be a lot fast, somewhere around 3x to 10x faster. This has nothing to do with fasthttp and is completely because of the Golang crypto stack being written in Go. This means it doesn't have the decades of performance optimizations that other stacks like OpenSSL have.
More on this can be found in these issues: https://github.com/golang/go/issues/21525 and https://github.com/golang/go/issues/22807
Would it be faster to proxy the ssl request from nginx to the golang application than connecting directly with ssl to the golang application?
Almost everything will run faster if you terminate TLS on load-balancer/nginx cache.
Back to Go, I have investigated this pretty closely: elliptic curve crypto is quite optimized in crypto/tls, thus will be the closest to c-level libraries' performance, at least in the same order of magnitude.
That unfortunately means full stack, including ecdsa signatures and elliptic cert keys.
Most helpful comment
I can already tell you that nginx is going to be a lot fast, somewhere around 3x to 10x faster. This has nothing to do with fasthttp and is completely because of the Golang crypto stack being written in Go. This means it doesn't have the decades of performance optimizations that other stacks like OpenSSL have.
More on this can be found in these issues: https://github.com/golang/go/issues/21525 and https://github.com/golang/go/issues/22807