Re: Some wird OpenSSL perfomance slowdown

Fri, 02 Mar 2007 10:16:45 -0800 

On Fri, Mar 02, 2007 at 07:47:29PM +0200, Sergey S. Levin wrote:

> Hello Richard,
> 
> >But which cpu types/frequencies are involved on both sides of the 
> >connection and which cipher suite do you use?
>
> Server - Celeron 2GHz, Cient - Intel PIV 2GHz.
> As to the second question - I'm not changing the defaul values in the 
> sources code. I had taken the saccept.c and sconnect.c as the base.
> 1. Which command changes it?
> 2. Which cipher suite should I use to increase the perfomance?

All the available cipher-suites should be able to give reasonable
performance. Use:

    openssl speed aes-256-cbc aes-128-cbc des-ede3 rc4

to estimate the expected throughput. On a 1.0GHz G4 laptop (not very fast
by today's standards) I get (0.9.8d):

-------
The 'numbers' are in 1000s of bytes per second processed.
type              16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             115558.17k   136281.31k   141916.65k   142890.26k   141116.23k
aes-128 cbc      46802.45k    51413.37k    52360.24k    52556.33k    52390.01k
aes-256 cbc      38766.81k    41876.09k    42495.54k    42638.51k    42541.89k
des ede3         10826.44k    11154.70k    11244.89k    11266.88k    11256.52k
-------

Even 3DES at ~11MB/s will still fill an 100Mbps ethernet link. Is the
client to server application protocol streaming or RPC-like half-duplex
lock-step send/ack/repeat? AES-128 is a good choice, RC4 is faster, but
should be avoided for security reasons. On a more "competitive" Opteron:

-------
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             352435.01k   364963.95k   412739.58k   425921.54k   430820.01k
aes-128 cbc      61725.30k   107617.51k   137287.34k   148495.02k   149626.88k
aes-256 cbc      52085.21k    84101.80k   101958.40k   107398.14k   108276.39k
des ede3         17907.50k    17924.14k    18002.94k    17805.65k    17995.09k
-------

So here AES-128 and AES-256 can in principle reach ~1Gbps. If your problem
is protocol latency (rather than CPU for encryption), switching ciphers won't
help.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to