Improving Node.js’ SSL Performance at PayPal

| by Abel Avram Follow 5 Followers on Apr 17, 2014. Estimated reading time: 1 minute |

A note to our readers: You asked so we have developed a set of features that allow you to reduce the noise: you can get email and web notifications for topics you are interested in. Learn more about our new features.

Trevor Livingston, a software engineer working for PayPal, has outlined in a recent post a number of suggestions to improve the outbound SSL performance of Node.js.

Using a less compute intensive cypher algorithm

First of all, Livingston remarked that some of the default cypher algorithms used by Node.js, such as Diffie Hellman and Elliptical Curve, are strong but “hugely expensive and basically cripple Node.js performance when you begin making a lot of outbound SSL calls at default settings.” In a service call, key generation takes up to 87% of the time, according to Livingston. He suggests using an algorithm that takes less resources:

var agent = new https.Agent({
    "key": key,
    "cert": cert,
    "ciphers": "AES256-GCM-SHA384"

With AES256, the time needed to generate the key was reduced to 32.5% in Livingston’s tests.

Using keep alive – which can raise the number of transactions/sec by more than 50%, according to the author of the keepAliveAgent package. This package won’t be necessary in the upcoming Node.js 0.12.

Optimizing agent.maxSockets – the default number of concurrent sockets per origin is 5 and the number should not be too high because it “can result in a negative performance impact”, according to Livingston.

Exercising caution in adjusting the slab buffer size, because it impacts the garbage collection time at high volumes. This tweak won’t be needed when 0.12 comes out.

Livingston also noted that the upcoming Node.js 0.12 has some improvements that almost doubles the number of requests/sec served when the AES256 algorithm is used.

Reusing sessions. Another advice to improve Node’s performance is to reuse sessions, an idea detailed by Miroslav Bajtoš in an earlier post. For this, one needs to create a sessions store and handle the newSession and resumeSession events. The respective post contains code samples showing session reuse for single-threaded apps and for clusters of worker processes.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you