I'm trying to tweak vsftpd to achieve maximum performance for my usage:

• I have only one or two clients that connect to the server.
• File size is between ~15MB and 1GB.
• Typical transfer batch represent between 1 and 2GB of data.

For testing purposes, I'm using a tmpfs on both sides (thus eliminating any disks bottleneck) with a single 1GB file.

When SSL is disabled, performance is good, with a transfer rate at ~120MB/s (reaching the limits of gigabit networking).

With SSL enabled only for control traffic (and not data traffic), performance drops at about 112MB/s, which is still within the acceptable limits.

However, when SSL is enabled for data flows, the transfer speed drops dramatically:

• 6.7MB/s using 3DES & SHA (ssl_ciphers=DES-CBC3-SHA in vsftpd.conf)
• 16MB/s using DES & SHA (ssl_ciphers=DES-CBC-SHA)

I didn't tested other ciphers, but from what I can see from the CPU usage during the transfer, it seems that vsftpd is only using a single cpu/core per client. While this can fit for large ftp sites with hundreds of clients, I'd like to avoid this behavior and use more ressources on the server.

On a side note, if you have any ideas regarding other openssl ciphers...