crypto/tls extreamly slow!

[clarkk]

# go version
go version go1.19.2 linux/amd64

I have a simple HTTP server running TLS. When it's exposed directly to the internet it can only handle ~17 req/sec.

If I switch to HTTP and put it behind nginx and let nginx handle TLS, ciphers etc it handles ~100 req/sec

ab -n 100 -c 1

Why have you removed the option to select ciphers when using TLS1.3??

When I test the SSL certs, ciphers etc on the nginx everything is 100% without any vulnerabilities

https://www.ssllabs.com/ssltest/analyze.html

[mateusz834]

It probably happens because of slow RSA in golang, #20058, try using ECDSA, or switching to BoringSSL

[seankhliao]

Unlike many projects, the Go project does not use GitHub Issues for general discussion or asking questions. GitHub Issues are used for tracking bugs and proposals only.

For questions please refer to https://github.com/golang/go/wiki/Questions

[clarkk]

@mateusz834 How is it possible to select a preferred list of ciphers in golang with TLS 1.3?

The options are removed from TLS version 1.3

[mateusz834]

It is not possible by design (all TLS 1.3 cipher suites are really secure).