On Fri, Mar 02, 2007 at 07:47:29PM +0200, Sergey S. Levin wrote:

> Hello Richard,
>
> >But which cpu types/frequencies are involved on both sides of the
> >connection and which cipher suite do you use?
>
> Server - Celeron 2GHz, Client - Intel PIV 2GHz.
> As to the second question - I'm not changing the default values in the
> source code. I had taken the saccept.c and sconnect.c as the base.
> 1. Which command changes it?
> 2. Which cipher suite should I use to increase the performance?

All the available cipher-suites should be able to give reasonable
performance. Use:

    openssl speed aes-256-cbc aes-128-cbc des-ede3 rc4

to estimate the expected throughput. On a 1.0GHz G4 laptop (not very
fast by today's standards) I get (0.9.8d):

-------
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             115558.17k   136281.31k   141916.65k   142890.26k   141116.23k
aes-128 cbc      46802.45k    51413.37k    52360.24k    52556.33k    52390.01k
aes-256 cbc      38766.81k    41876.09k    42495.54k    42638.51k    42541.89k
des ede3         10826.44k    11154.70k    11244.89k    11266.88k    11256.52k
-------

Even 3DES at ~11MB/s will still fill a 100Mbps ethernet link. Is the
client to server application protocol streaming or RPC-like half-duplex
lock-step send/ack/repeat?

AES-128 is a good choice, RC4 is faster, but should be avoided for
security reasons.

On a more "competitive" Opteron:

-------
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             352435.01k   364963.95k   412739.58k   425921.54k   430820.01k
aes-128 cbc      61725.30k   107617.51k   137287.34k   148495.02k   149626.88k
aes-256 cbc      52085.21k    84101.80k   101958.40k   107398.14k   108276.39k
des ede3         17907.50k    17924.14k    18002.94k    17805.65k    17995.09k
-------

So here AES-128 and AES-256 can in principle reach ~1Gbps. If your
problem is protocol latency (rather than CPU for encryption), switching
ciphers won't help.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
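
An added example, not part of the original message: it parses the `openssl speed` table quoted above (G4 figures) and compares streaming throughput with a lock-step send/ack exchange. The 1 ms round-trip time, the 1024-byte message size and the simple timing model are assumptions chosen for illustration.

```python
import re

# Constructed sample: the G4 table from the message, in `openssl speed` layout.
SAMPLE = """\
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             115558.17k   136281.31k   141916.65k   142890.26k   141116.23k
aes-128 cbc      46802.45k    51413.37k    52360.24k    52556.33k    52390.01k
aes-256 cbc      38766.81k    41876.09k    42495.54k    42638.51k    42541.89k
des ede3         10826.44k    11154.70k    11244.89k    11266.88k    11256.52k
"""

def parse_speed(text):
    """Return {cipher: {block_size_bytes: bytes_per_second}}."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = next(l for l in lines if l.startswith("type"))
    sizes = [int(n) for n in re.findall(r"(\d+) bytes", header)]
    table = {}
    for line in lines:
        rates = re.findall(r"(\d+(?:\.\d+)?)k", line)
        if len(rates) != len(sizes):
            continue  # header, banner or unrelated line
        name = line[:line.index(rates[0])].strip()
        # The 'k' suffix means 1000s of bytes per second.
        table[name] = {s: float(r) * 1000 for s, r in zip(sizes, rates)}
    return table

def streaming_mbps(cipher_rate, link_mbps):
    """Streaming is bounded by the slower of cipher (bytes/s) and link."""
    return min(cipher_rate * 8 / 1e6, link_mbps)

def lockstep_mbps(msg_bytes, cipher_rate, link_mbps, rtt_s):
    """Goodput when every message waits one round trip for its ack (assumed model)."""
    link_rate = link_mbps * 1e6 / 8  # bytes per second
    per_msg = msg_bytes / cipher_rate + msg_bytes / link_rate + rtt_s
    return msg_bytes * 8 / per_msg / 1e6

if __name__ == "__main__":
    table = parse_speed(SAMPLE)
    for name, rates in table.items():
        stream = streaming_mbps(rates[8192], 100)
        lock = lockstep_mbps(1024, rates[1024], 100, 0.001)
        print(f"{name:12s} streaming {stream:6.1f} Mbit/s   lock-step {lock:5.2f} Mbit/s")
```

With these assumed figures every cipher lands at roughly 7 Mbit/s in lock-step mode, because the round trip dominates each message's time budget.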