Hi,
JEP 246 goes into some of these details but, particularly for AES-GCM
for jdk9 with the GHASH intrinsics. Also jdk supports intrinsics for
SHA1/2 and RSA. For jdk8, AES block ops use AES-NI and AES-CBC has been
parallelized.
http://openjdk.java.net/jeps/246
Tony
On 05/10/2016 09:48 AM, Müller, Steffen (AIFB) wrote:
Hi,
I have a short – but probably not easy – question to the sec-dev
community, since we have a research project dealing with the performance
impact and performance optimizations for TLS:
What TLS cipher suites and ciphers, modes of operation, security
providers, etc. in general benefit from AES-NI in Java 8/9?
I know that the TLS cipher suites using AES-GCM benefit from AES-NI in
Java 8. The performance impact in various experiments can be
considerable – measured with OpenJDK and OracleJDK 8u92. Furthermore, I
can enable or disable AES-NI support (see, e.g.:
https://stackoverflow.com/questions/23058309/aes-ni-intrinsics-enabled-by-default).
I found the globals.hpp where the UseAES and UseAESIntrinsics is
defined, but no further information. The Intel sources stemming from
2012, on the other side, only mention the NSS library (see, e.g.:
https://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-on-linuxjava-stack#enable-intel-eas-ni-in-oracle-jvm).
In sum, the documentation regarding AES-NI support in Java is very
inconsistent. I tried to find more information about this topic, but… Is
there any further up-to-date documentation regarding AES-NI in Java 8/9?
Is there anybody who can give me more information about this topic?
Thanks
Steffen Mueller
