If you look at the builtin support it is only AES/CBC with the SunJCE (the AES/GCM has still a long way to go).
With external/platform specific providers (ucrypto on Solaris, libnss via PKCS11 and Windows Crypto API) you might get more hw support. Gruss Bernd -- http://bernd.eckenfels.net -----Original Message----- From: "Müller, Steffen (AIFB)" <steffen.muell...@kit.edu> To: "security-dev@openjdk.java.net" <security-dev@openjdk.java.net> Sent: Di., 10 Mai 2016 20:18 Subject: AES-NI support Hi, I have a short but probably not easy question to the sec-dev community, since we have a research project dealing with the performance impact and performance optimizations for TLS: What TLS cipher suites and ciphers, modes of operation, security providers, etc. in general benefit from AES-NI in Java 8/9? I know that the TLS cipher suites using AES-GCM benefit from AES-NI in Java 8. The performance impact in various experiments can be considerable measured with OpenJDK and OracleJDK 8u92. Furthermore, I can enable or disable AES-NI support (see, e.g.: https://stackoverflow.com/questions/23058309/aes-ni-intrinsics-enabled-by-de fault). I found the globals.hpp where the UseAES and UseAESIntrinsics is defined, but no further information. The Intel sources stemming from 2012, on the other side, only mention the NSS library (see, e.g.: https://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-o n-linuxjava-stack#enable-intel-eas-ni-in-oracle-jvm). In sum, the documentation regarding AES-NI support in Java is very inconsistent. I tried to find more information about this topic, but Is there any further up-to-date documentation regarding AES-NI in Java 8/9? Is there anybody who can give me more information about this topic? Thanks Steffen Mueller
