[openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread
Hubert Kario
hkario at redhat.com
Mon Nov 30 14:38:13 UTC 2015
On Tuesday 24 November 2015 10:49:26 Paul Dale wrote:
> On Mon, 23 Nov 2015 11:11:37 PM Alessandro Ghedini wrote:
> > Is this TLS connections?
>
> Yes, this is just measuring the TLS handshake. Renegotiations
> predominately. We deliberately didn't test the bulk symmetric crypto
> phase of the connection.
> > I'd like to know more...
>
> The data are a bit rough and ready but I've included what I can. I
> wasn't directly involved in taking these measurements, so Chinese
> whispers are entirely possible. I've been tasked with trying to find
> some performance enhancements.
>
> The TLS stack results are:
>
> stack CPU % connections/s
> OpenSSL 85 11,935
> atomic patch 22 16,465 proof of concept only, the stack
> is broken elsewhere
> NSS 47 46,507 !!!!!
are you sure that the negotiated cipher suite is the same and that the
NSS is not configured to reuse the server key share if you're using DHE
or ECDHE?
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151130/c87e393b/attachment.sig>
More information about the openssl-dev
mailing list