Hi guys, Thanks a lot for your answers! Yes, I use customized rand method and it turns out to be very CPU expensive. And this is the root cause for my performance degradation with TLS1.2.
Best regards, Denis 2014-07-25 15:30 GMT-04:00 Thulasi Goriparthi <thulasi.goripar...@gmail.com> : > > On Jul 25, 2014 5:15 PM, "Dr. Stephen Henson" <st...@openssl.org> wrote: > > > > On Thu, Jul 24, 2014, Denis Berezhnoy wrote: > > > > > Hi guys, > > > > > > I have a question regarding TLS1.0 and TLS1.2 performance. > > > > > > Is it a correct expectation is that TPS (transactions per seconds) > > > performance is worse with TLS1.2 protocol compared to TLS1.0? > > > > > > I found is that TLS1.2 has additional overhead in explicit IV vector > > > initialization with random bytes. In my environment which is based off > > > openss1.0.1g I can see difference between TLS1.0 and TLS 1.2 protocols > due > > > to this extra initialization. > > Can you confirm, that you don't see much difference if explicit IV > initialization is skipped in tls1_enc(). If yes, it could be a problem with > random number generator being used. Are you using any customized rand > method? > > > > > > > This a general question but I think that TLS1.2 performance should be > worse > > > due extra checks. > > > > > > Can you please confirm if my observation makes any sense? > > > > > > > The additional explicit IV will have some effect on the speed, how much > > depends on the record size. > > > > But that's if you compare the same ciphersuite. The GCM ciphersuites > (which can > > be used in TLS 1.2) should show a considerable *increase* in performance > > compared to any you can use in TLS 1.0. > > > > Steve. > > -- > > Dr Stephen N. Henson. OpenSSL project core developer. > > Commercial tech support now available see: http://www.openssl.org > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org >
