Secure communication is vital in today's digital world, but it sometimes
slows down your applications. We invite you to an insightful webinar on
optimizing application performance using OpenSSL. This session is
designed for individuals seeking to enhance the security and efficienc
Hi,
The source crypto/bn/asm/rsaz-avx512.pl ( crypto/bn/rsaz-avx512.s )
has an improved RSA using the novel vpmadd52* instructions from
Intel
So, are there any implementations for Elliptic Curve handshakes?
Has anyone tried this to see if performance is better/worse/the-same?
Thanks!
Paul
Dear SSL,
Your encryption kit is fantastic. I have been using it to build self-signed
web certificates
and email certificates. I have also been using it to encrypt and decrypt
messages,
all via RSA, and aes-256. I am running OpenSSL using 64 bit Windows 10, which
is different
to Linux, a litt
Dear,
Actually I'm doing the final project degree about modern algorithms performance
in TLS 1.3.
I would like to know if you can confirm some questions:
-The calculation of the shared secret of ECDH/DH for TLS 1.3 in the library
openssl is calculated in the function ssl_derive from the
On 9/25/2020 12:17 PM, Amy Smith via openssl-users wrote:
> I mmap the file which server will send (to eliminate disk performance).
In general, this won't work. In fact, it may make it *harder* to
eliminate disk performance from a measurement.
First, of course, mmap() isn't magic.
Hi,
I have just started using openssl for my project. I'm building small server
application using intel QAT engine.
1) I'm trying to find benchmark numbers for
pure hardware based comparison between with or without QAT engine. I mmap the
file which server will send (to eliminate disk p
Yay,
there are some controversial discussions taking place on
https://github.com/openssl/openssl/issues/9078
It would be great if you could join us and provide more details about the
circumstances of your issue. In particular, information like kernel/os version
and whether the significant startu
Hi,
I opened an issue on GitHub to discuss this problem in more detail.
https://github.com/openssl/openssl/issues/9078
It would be nice if you could join the discussion there.
Matthias
@Jay: in particular I'm interested to learn, which linux version and
distribution
you were using. On new
Correction, Tomáš was correct: there is an ` # ifndef DEVRANDOM` surrounding
the problematic code:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1c/e_os.h#L25-L34
Nevertheless, I still think this code needs to be changed, because the seeding
should just work correctly out-of-the-box withou
> To workaround the /dev/random blocking issue, you can just add:
>
> -DDEVRANDOM="\"/dev/urandom\""
>
> as a parameter to ./Configure
>
> This will remove the special handling of /dev/urandom and /dev/random
> in 1.1.1c.
Tomáš, Jay,
I'm afraid this suggestion won't help, because `DEVRANDOM_
On Tue, 2019-05-28 at 10:39 -0700, Jay Foster wrote:
> I built OpenSSL 1.1.1c from the recent release, but have noticed
> what
> seems like a significant performance drop compared with 1.1.1b. I
> notice this when starting lighttpd. With 1.1.1b, lighttpd starts in
> a
> few
> I built OpenSSL 1.1.1c from the recent release, but have noticed what
|>|> seems like a significant performance drop compared with 1.1.1b. I
|>|> notice this when starting lighttpd. With 1.1.1b, lighttpd starts in a
|>|> few seconds, but with 1.1.1c, it takes several minu
On 28/05/2019 23:48, Steffen Nurpmeso wrote:
Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e25...@roadrunner.com>:
|On 5/28/2019 10:39 AM, Jay Foster wrote:
|> I built OpenSSL 1.1.1c from the recent release, but have noticed what
|> seems like a significant performance d
> I think I have tracked down the change in 1.1.1c that is causing this.
> It is the addition of the DEVRANDOM_WAIT functionality for linux in
> e_os.h and crypto/rand/rand_unix.c. lighttpd (libcrypto) is waiting in
> a select() call on /dev/random. After this eventually wakes up, it then
> reads
jayf0s...@roadrunner.com said:
> I think I have tracked down the change in 1.1.1c that is causing this. It
> is the addition of the DEVRANDOM_WAIT functionality for linux in e_os.h and
> crypto/rand/rand_unix.c. lighttpd (libcrypto) is waiting in a select() call
> on /dev/random. ...
I hav
I also noticed that with 1.1.1b, the CFLAGS automatically included
'-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the
CFLAGS. Was this dropped? I added '-Wall -O3' to the CFLAGS, but this
did not seem to have any effect on the performance
Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e25...@roadrunner.com>:
|On 5/28/2019 10:39 AM, Jay Foster wrote:
|> I built OpenSSL 1.1.1c from the recent release, but have noticed what
|> seems like a significant performance drop compared with 1.1.1b. I
|> notice thi
On 5/28/2019 10:39 AM, Jay Foster wrote:
I built OpenSSL 1.1.1c from the recent release, but have noticed what
seems like a significant performance drop compared with 1.1.1b. I
notice this when starting lighttpd. With 1.1.1b, lighttpd starts in a
few seconds, but with 1.1.1c, it takes
I built OpenSSL 1.1.1c from the recent release, but have noticed what
seems like a significant performance drop compared with 1.1.1b. I
notice this when starting lighttpd. With 1.1.1b, lighttpd starts in a
few seconds, but with 1.1.1c, it takes several minutes.
I also noticed that with
Hi,
I am building openssl 1.1.1 on windows with 2 different configurations and
I see performance difference for des-cbc.
1) *"perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-rc4
enable-deprecated no-shared enable-ssl3 no-asm --prefix=
--openssldir= " *
The speed test results f
On 10/04/2019 11:03, valmiki wrote:
>
>>> Hi All,
>>>
>>> I'm trying to understand server and client code over tcp using openssl.
>>>
>>> How does the flow work when we do SSL_write or SSL_read.
>>>
>>> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted
>>> buffer and send i
to kernel space
>> and vice versa
>>
>> -> open ssl libary to kernel crypto subsystem
>>
>> -> kernel crypto subsystem to ssl library
>>
>> -> ssl library to network subsystem
>>
>> Does this mean for sending a buffer we need to three context switches from
>> user to kernel and vice versa ?
>>
>> Doesn't this affect performance ?
>>
>> Please correct me if my understanding is wrong.
>>
>> Regards,
>> valmiki
ary to network subsystem
>
> Does this mean for sending a buffer we need to three context switches from
> user to kernel and vice versa ?
>
> Doesn't this affect performance ?
>
> Please correct me if my understanding is wrong.
>
> Regards,
> valmiki
from user
to kernel and vice versa ?
Doesn't this affect performance ?
Please correct me if my understanding is wrong.
Regards,
valmiki
Hi,
I am trying to measure performance of DH operations in OpenSSL. I see
that OpenSSL speed application doesn't support measuring DH performance. Is
there a way to measure DH performance using some openssl application?
Thanks
Ravichandra
--
openssl-users mailing list
To unsubscribe:
% poor
performance than TLS under different network conditions. We are using async
socket. epoll on linux and select on the windows side.
Do we know any known performance limitation with DTLS in existing OpenSSL lib?
Thanks in advance
Anand
> Neetish Pathak
> *Reply-To: *"openssl-users@openssl.org"
> *Date: *Thursday, September 14, 2017 at 4:20 PM
> *To: *"openssl-users@openssl.org"
> *Subject: *[EXT] [openssl-users] TLS 1.3 performance
>
>
>
> Hi,
>
>
>
> I worked on TLS 1
-handshake handshake messages.
Regards
Roelof
From: openssl-users on behalf of Neetish
Pathak
Reply-To: "openssl-users@openssl.org"
Date: Thursday, September 14, 2017 at 4:20 PM
To: "openssl-users@openssl.org"
Subject: [EXT] [openssl-users] TLS 1.3 performance
Hi,
I worked on
Hi,
I worked on TLS 1.3 performance bench-marking. After my tests, I found that
TLS 1.3 based resumption is not giving us the connection latency benefits
when tested in a LAN environment. It is slower than TLS 1.2. When tested on
WAN, definitely, TLS 1.3 fares better than TLS 1.2.
I want your
Afternoon,
I have been running some speed tests of openssl 1.0.1, 1.0.2 and 1.1.0
versions against various compiler optimisations. Special interest was given
to the more commonly used primitives, rsa's, aes's etc.
I noticed that SHA1's have some significant performance improvemen
On 03/07/2016 07:58 PM, James M Takahashi wrote:
> _https://www.openssl.org/docs/fipsnotes.html_ mentions the following:
>
> As a result of the POST performance issue we revisited the KAT (Known
> Answer Test) requirements in the POST process that were burning up most
> of
https://www.openssl.org/docs/fipsnotes.html mentions the following:
As a result of the POST performance issue we revisited the KAT (Known
Answer Test) requirements in the POST process that were burning up most of
those cycle. In consultation with a CMVP test lab we determined that it
Hi,
Can someone suggest me some open source performance measurement tools
which will help me benchmark SSL stack performance like number of
handshakes/sec and throughput(data rate/connection). openssl speed only
provides raw crypto performance. I need to find the SSL stack performance
as
Hi Team,
I want to test openssl performance with and without using cryptodev
driver. I tried 2 things but my both cases are fluctuating.
*1. "Openssl speed test" with and without HW*
When I am running openssl speed test using the below command,
"openssl speed -evp aes-128-cbc&
> I will just grab master then. Will this change be in the next 1.0.2 release?
No. Released branches only get bug-fixes.
I will just grab master then. Will this change be in the next 1.0.2 release?
-Bryan
> On May 8, 2015, at 10:12 AM, Salz, Rich wrote:
>
>
>> You can private message me the patch and I can benchmark it for you.
>> Please let me know what release version or hash on git that it will cleanly
>>
> You can private message me the patch and I can benchmark it for you.
> Please let me know what release version or hash on git that it will cleanly
> apply. Do you know what release this will be going in?
It is this commit 3e47caff4830d2a117eda15b57a5feab89b846ae on master. A quick
check sho
You can private message me the patch and I can benchmark it for you. Please
let me know what release version or hash on git that it will cleanly apply. Do
you know what release this will be going in?
-Bryan
> On May 1, 2015, at 6:49 AM, Salz, Rich wrote:
>
>> Lock #1 is CRYPTO_LOCK_ERR,
It is in non-blocking mode.
After removing the call to SSL_get_error for the SSL_read case (0 return value)
I discovered we call SSL_get_error in a couple more places. Here is a simple
request and the return codes on SSL_accept, SSL_read, and SSL_write and the
return codes from SSL_get_error.
Hi,
i have a performance problem with aes-xxx-cbc in evp mode on some cpus.
Drop from 70MB/s to 30MB/s. It seems that the vpaes implementation is not
good for all cpus that support ssse3. (I know that it speed up a lot on
many Intel cpu's)
Tested cpu's that have the problem:
AMD E-
Not sure.
Are you using blocking or non-blocking IO?
Have you tried SSL_MODE_AUTO_RETRY?
Do you notice a different return value from SSL_read() after a zero byte
read compared to other errors?
On 05/06/2015 07:12 PM, Bryan Call wrote:
> Do you know if there is a way from preventing a call to
Do you know if there is a way from preventing a call to SSL_get_error() after
getting a 0 byte read from SSL_read()? This is the main issue I am facing with
the OpenSSL error locking right now.
-Bryan
> On May 1, 2015, at 6:49 AM, Salz, Rich wrote:
>
>> Lock #1 is CRYPTO_LOCK_ERR, which I
Yes, if you never call FIPS_mode_set(), the POST will never run. I'll
defer to the experts on your other questions.
On 05/01/2015 05:10 PM, Bryan Call wrote:
> So can I assume the FIPS POST has completed if I never call FIPS_mode_set()
> in the code? I was confused about that.
>
> When we call
So can I assume the FIPS POST has completed if I never call FIPS_mode_set() in
the code? I was confused about that.
When we call SSL_read() and get a 0 byte return we call SSL_get_error() to see
if there was an error or not. Maybe there is a more efficient way to handle this,
like looking at the sh
>Lock #1 is CRYPTO_LOCK_ERR, which I believe is used for logging errors. It
>appears your application is generating a lot of errors for some reason. Never
>tried it myself, but you probably can't disable this lock with multiple
>threads running. You should take a look at the error log to iden
The changes to SSL_locking_callback() look good. But the code you've
added to SSL_CTX_add_extra_chain_cert_file() doesn't accomplish much.
You're checking if FIPS is on or off, then setting the FIPS mode to the
current setting, which is a no-op.
On 04/30/2015 09:49 PM, Bryan Call wrote:
> (plai
Lock #1 is CRYPTO_LOCK_ERR, which I believe is used for logging errors.
It appears your application is generating a lot of errors for some
reason. Never tried it myself, but you probably can't disable this lock
with multiple threads running. You should take a look at the error log
to identify th
(plain text and removed most of the history)
John if you don’t mind reviewing my change to Apache Traffic Server. It seems
to be working very well. Thank you again!
https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blobdiff;f=iocore/net/SSLUtils.cc;h=0b732440636ab4e9eaedf237a5674bd
This is for Apache Traffic Server and we have no knobs for turning on/off FIPS.
I am thinking about always disabling FIPS right now and that would happen
before we create the threads.
I was able to get rid of all the FIPS lock connection with the changes you
recommend (Big Thanks!). The big
Correct. Locks 39/40 are only useful while the POST is running. Once
the POST completes, the POST status never changes again unless the POST
runs again. The only way to run the POST is by invoking
FIPS_mode_set(1). But there should be no reason to invoke
FIPS_mode_set(1) more than once unless y
Can I safely assume that if I call FIPS_mode_set(0) and get a successful return
value then I don’t need to lock when there are callbacks for type 39 and 40
locks (for OpenSSL 1.0.1 and 1.0.2)?
-Bryan
> On Apr 28, 2015, at 10:22 AM, John Foley wrote:
>
> In the context of OpenSSL 1.0.1 or 1
> In the future, this may change if/when OpenSSL does another FIPS validation.
> CMVP has changed the implementation guidance that requires the POST to run
> automatically without user intervention. Any future FIPS validations would
> be subject to the new rules. Hence, the behavior of FIPS_mode_
In the context of OpenSSL 1.0.1 or 1.0.2, this means FIPS_mode_set(1)
has returned with a successful return value.
In the future, this may change if/when OpenSSL does another FIPS
validation. CMVP has changed the implementation guidance that requires
the POST to run automatically without user in
What do you mean by “FIPS POST has completed”?
-Bryan
> On Apr 24, 2015, at 4:17 PM, John Foley wrote:
>
> Some of the algorithms still invoke the FIPS flavor of the algorithm even
> when FIPS is disabled. For example, this code is from EVP_DigestUpdate().
>
> int EVP_DigestUpdate(EVP_MD_
Some of the algorithms still invoke the FIPS flavor of the algorithm
even when FIPS is disabled. For example, this code is from
EVP_DigestUpdate().
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
#ifdef OPENSSL_FIPS
return FIPS_digestupdate(ctx, data, count);
#else
In my last email I ran the benchmark on Fedora 21 (big mistake). Here are the
results when running it back on the 28/56 core RHEL 6.5 server showing
contention in a different place (fips). Is there a reason it would be calling
into the FIPS code to get a lock if FIPS is not enabled?
Contenti
When you create the private key given to SSL_CTX, be sure to instantiate
a private key for each thread as well. If you share the same key across
all threads, this can introduce contention.
Here are the type 1 & 2 locks:
# define CRYPTO_LOCK_ERR 1
# define CRYPTO_LOCK_EX_DATA
We are using a single SSL_CTX across all the threads, so I will create multiple
SSL_CTX per thread. I implemented dynlock callbacks yesterday, but I didn’t
see them being used in the tests I did. I also added atomic counters to see
what type of locks are having contention (see logs below):
Mo
Looking at your call stack, it appears you're testing with FIPS mode
enabled. There's a lock in FIPS_selftest_failed() that's used to ensure
the crypto algorithms inside the FIPS boundary are not utilized until
after the POST has completed and passed. Unfortunately this lock remains
installed for
I was running a benchmark on a 28 core (56 hyper-threaded) server that is
running 84 threads in the process and I am seeing a lot of lock contention. I
saw a lot of lock contention in the calls to SSL_get_error() ssl3_accept(). I
am running RHEL 6.5 and openssl-1.0.1e-30.el6_6.7.x86_64. We ha
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Dr. Stephen Henson
> Sent: Friday, December 19, 2014 11:37
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] OpenSSL performance issue
>
> On Fri, Dec 19, 2014, Dave Thompson wrote:
>
> > Sent: Thursday, December 18, 2014 16:36
> > > To: openssl-users@openssl.org
> > > Subject: Re: [openssl-users] OpenSSL performance issue
> > >
> > > So the difference here is that Java picks a DHE ciphersuite while
> otherwise
> > you
> > >
On 19/12/14 15:17, Brian Reichert wrote:
> On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote:
>> As you can see the big time difference between the two executions - which
>> actually involve the same application level data. The largest chunk of
>> time is spent waiting for hand
On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote:
> As you can see the big time difference between the two executions - which
> actually involve the same application level data. The largest chunk of
> time is spent waiting for handshake from *Proxy Server*. The response time
>
On 19/12/2014 12:11, Jakob Bohm wrote:
On 19/12/2014 00:10, Prabhat Puroshottam wrote:
I am trying to summarize the problem again, since the previous
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:
We have a product, where Client connects to Se
On 19/12/2014 00:10, Prabhat Puroshottam wrote:
I am trying to summarize the problem again, since the previous
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:
We have a product, where Client connects to Server (Proxy Server in my
earlier mail).
at proxy server might
> support that.
>
I assumed OP's traces are the first session. Besides OpenSSL
client doesn't cache by default; you must code to enable it.
> You also seem to be using an old version of openssl that only
> supports TLSv1, I suggest you upgrade.
>
ssl.org
> > Subject: Re: [openssl-users] OpenSSL performance issue
> >
> > So the difference here is that Java picks a DHE ciphersuite while
otherwise
> you
> > didn't. DHE gives you forward secrecy but is slower.
>
> And if DH parameters have not been set, Op
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Kurt Roeckx
> Sent: Thursday, December 18, 2014 16:36
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] OpenSSL performance issue
>
> So the difference here is that Java picks a
> Date: Thu, 18 Dec 2014 22:36:08 +0100
> From: k...@roeckx.be
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] OpenSSL performance issue
>
> On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat
> I would like to understand why startHandshake() is taking so long.
Somebody else pointed out the differences in ciphers. You should take the time
to understand that message.
I am trying to summarize the problem again, since the previous
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:
We have a product, where Client connects to Server (Proxy Server in my
earlier mail). Client is implemented in C and uses OpenSSL, whi
> So the difference here is that Java picks a DHE ciphersuite while
> otherwise you didn't. DHE gives you forward secrecy but is
> slower.
Being relatively new to OpenSSL and security programming in general,
obviously I need to read into these, but could it cause the delay in
sending ServerHello
> So the difference here is that Java picks a DHE ciphersuite while
> otherwise you didn't. DHE gives you forward secrecy but is
> slower.
Being relatively new to OpenSSL and security programming in general,
obviously I need to read into these, but could it cause the delay in
sending ServerHello by
> Why do you say it shouldn't matter? The new Java proxy server is most likely
> the cause. Do some packet captures, between Client<>Agent and Client<>Proxy.
> Look at the timing, and see if the client ends up waiting for packets from
> the proxy.
Sorry may be I wasn't able to convey it. The j
On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote:
> ***
> This is for *Client -> Agent*
> ***
[...]
> Version 3.1
[...]
> cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
[...]
> *
> *Client* and *Agent* are implemented in C, while *Proxy Server* uses Java
> code (This shouldn't really matter). But might be helpful for you to know.
> The issue is, connecting *Client* to *Agent* is very fast (that is
> relatively).
> While connecting *Client* to *Proxy Server* is very slow -
Hi,
I think my last email was somehow lost in transition between the mail
servers so I am starting afresh if somebody can help. If you have
already taken pains to read through this mail, kindly skip to the bottom
of the mail. Thanks for your patience.
First let me state upfront that I am relati
> From: owner-openssl-us...@openssl.org On Behalf Of Prabhat Puroshottam
> Sent: Tuesday, December 02, 2014 07:04
> We have a product which uses OpenSSL to connect and transfer
> application level data. There are two ways to connect, and get the
> application level data from *Agent* to *Client*
>
Hi,
First let me state upfront that I am relatively very new to OpenSSL.
Also please forgive me if this is not the correct mailing list for this issue.
We have a product which uses OpenSSL to connect and transfer
application level data. There are two ways to connect, and get the application
lev
Hi,
Thanks all for your update. But functionality wise it is working
fine. I can remove the inner loop but that will require packet size to
be of 1K. I tried with that also but did not find any improvement in
performance. In my setup there are 8 routers between source &
destination. Can an
stand if there is any way to
> improve performance of SSL_Read or SSL_write to achieve high performance.
> Following are my client server programmes. Here client writes file on
> server machine in hardcoded location and name.
You have lot of errors in your program. I suggest that you first
prop
On Mon, Sep 08, 2014 at 11:16:46PM +0530, Alok Sharma wrote:
> while ( (n = read(fd, recvBuff, sizeof(recvBuff)-1)) > 0)
> {
> recvBuff[n] = 0;
> mode=n;
> i=0;
> while(mode>0)
> {
> len=SSL_write(ssl, recvBuff, mode);
>
encryption APIs and writing data to sockets. But I don't have much
understanding what SSL_Write or SSL_read does internally . So wanted to
understand if there is any way to improve performance of SSL_Read or
SSL_write to achieve high performance. Following are my client server
programmes. Here client w
On Sun, Sep 07, 2014 at 01:00:17PM +0530, Alok Sharma wrote:
>I am writing one sample ssl based client server model which uses
> SSL_Read & SSL_Write API provided by openssl.
If you are transferring each block of data as an RPC, with a round-trip
acknowledgement before sending the next block, and
-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Alok Sharma
Sent: Sunday, September 07, 2014 03:30
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Performance related queries for SSL based client server model
Hi,
I am writing one sample ssl based
an alternative way to use open ssl read or
write to improve performance. I searched in scp code and found it does not
use SSL_read/SSL_write. So if there is another set of APIs which I can use
or any idea how I can meet the same performance as scp.
Regards,
Alok
Hi guys,
Thanks a lot for your answers! Yes, I use customized rand method and it
turns out to be very CPU expensive. And this is the root cause for my
performance degradation with TLS1.2.
Best regards,
Denis
2014-07-25 15:30 GMT-04:00 Thulasi Goriparthi
:
>
> On Jul 25, 2014 5:15 P
On Jul 25, 2014 5:15 PM, "Dr. Stephen Henson" wrote:
>
> On Thu, Jul 24, 2014, Denis Berezhnoy wrote:
>
> > Hi guys,
> >
> > I have a question regarding TLS1.0 and TLS1.2 performance.
> >
> > Is it a correct expectation is that TPS (transactions
On Thu, Jul 24, 2014, Denis Berezhnoy wrote:
> Hi guys,
>
> I have a question regarding TLS1.0 and TLS1.2 performance.
>
> Is it a correct expectation is that TPS (transactions per seconds)
> performance is worse with TLS1.2 protocol compared to TLS1.0?
>
> I
It is hard to imagine that a few random bytes makes a measurable difference,
but I suppose it’s possible. You’ve checked, for example, that you’re using
the same cipher suite in both cases? And what’s a transaction – connect, then
shutdown with no application-level traffic to get in the way?
Hi guys,
I have a question regarding TLS1.0 and TLS1.2 performance.
Is it a correct expectation is that TPS (transactions per seconds)
performance is worse with TLS1.2 protocol compared to TLS1.0?
I found is that TLS1.2 has additional overhead in explicit IV vector
initialization with random
On Wed, Nov 13, 2013, Vuille, Martin (Martin) wrote:
> Collected performance numbers using "openssl speed" for two copies of OpenSSL
> 1.0.1e,
> one built as FIPS-capable, the other not, running on an ARMv6. I am having a
> hard time
> understanding the differe
Collected performance numbers using "openssl speed" for two copies of OpenSSL
1.0.1e,
one built as FIPS-capable, the other not, running on an ARMv6. I am having a
hard time
understanding the differences I observed and would appreciate any insight.
Non-FIPS Capable
# openssl spee
>Aside: this message was pretty garbled, and in richtext which my Outlook won't
>fix sensibly.
>I've tried to manually reformat what I can, but it would be easier if you
>posted plaintext.
Really sorry for that, I saw it only once message was already posted.
Thanks for taking the time anyway.
lly agree with you in
>that no system is proven to be 100% reliable but my work is not to care about
>things I cannot handle like access to host device. On the other side, my work
>is to use the most secure cipher suite I can afford relatively to performance
>issue.
Une message
ne kind of MAC, and the only one used in SSL/TLS until recently. GCM
is a relatively new
cipher mode that provides both encryption and MAC in one operation, generically
called AEAD
Authenticated Encryption with Additional Data. (Some other AEAD modes have been
created,
but not adopted fo
> (sorry for duplicating the thread, I didn't receive any answer in my mailbox
as I expected, I only saw them through the mail archive...?)
It’s common (and many would say, the correct behavior) for mailing list replies
to go to the mailing list.
> I've started with a 1K key and later on swi
> RSA key size only affects handshake, and should be costly client side only if
> using client-auth; are you?
No; as client and server code is under my
responsibility, I chose to also ask for client-auth. Still, I don't see how
this could be the reason for my slowdown given the overall data
1 - 100 of 208 matches