This is not a –dev question, and there’s no need to send three times.
scp uses the SSH protocol. OpenSSL does not implement SSH. OpenSSH, which is a different product from a different source, implements SSH, although in their design the scp program doesn’t do any comms at all, it just pipes to the ssh program which does. What kind of network(s) are you transiting, and what are your endpoints? On my dev LAN, which is one uncongested reliable 100Mbps switch, I get plain TCP at nearly the hardware limit 8sec per 100MB, and within 10% of that for SCP/SSH or trivial-app/SSL. These do 700MB in barely a minute. SSL and SSH differ significantly in connection setup/handshake, and slightly in multiplexing the data, but once actually sending application data they use mostly the same range of ciphers and MAC, with openssh actually calling libcrypto, and use TCP pretty much the same way, so unless you’re doing or (perhaps unintentionally) invoking something wrong, you should get roughly the same speed for both. Try netcat to measure only the network (and disk) with almost no CPU; that gives you an upper bound on any protocol – except one that can and does compress well: I believe openssh can and openssl definitely can depending on how it’s built, but many people disable it post-CRIME, and it certainly depends very much on your data. You might try gzip on your data and if that makes much difference send the gzipped form. From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Alok Sharma Sent: Sunday, September 07, 2014 03:30 To: openssl-...@openssl.org; openssl-users@openssl.org Subject: Performance related queries for SSL based client server model Hi, I am writing one sample ssl based client server model which uses SSL_Read & SSL_Write API provided by openssl. But I found that my application is very slow it takes around 40 mins to copy 700MB file. While same file using scp finishes in 10 mins. So my query is that is there an alternative way to use open ssl read or write to improve performance. I searched in scp code and found it does not use SSL_read/SSL_write. So if there is another set of APIs which I can use or any idea how I can meet the same performance as scp. Regards, Alok
