On Jul 25, 2014 5:15 PM, "Dr. Stephen Henson" <st...@openssl.org> wrote: > > On Thu, Jul 24, 2014, Denis Berezhnoy wrote: > > > Hi guys, > > > > I have a question regarding TLS1.0 and TLS1.2 performance. > > > > Is it a correct expectation is that TPS (transactions per seconds) > > performance is worse with TLS1.2 protocol compared to TLS1.0? > > > > I found is that TLS1.2 has additional overhead in explicit IV vector > > initialization with random bytes. In my environment which is based off > > openss1.0.1g I can see difference between TLS1.0 and TLS 1.2 protocols due > > to this extra initialization.
Can you confirm, that you don't see much difference if explicit IV initialization is skipped in tls1_enc(). If yes, it could be a problem with random number generator being used. Are you using any customized rand method? > > > > This a general question but I think that TLS1.2 performance should be worse > > due extra checks. > > > > Can you please confirm if my observation makes any sense? > > > > The additional explicit IV will have some effect on the speed, how much > depends on the record size. > > But that's if you compare the same ciphersuite. The GCM ciphersuites (which can > be used in TLS 1.2) should show a considerable *increase* in performance > compared to any you can use in TLS 1.0. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org
