Commit | Line | Data |
---|---|---|
58964a49 RE |
1 | |
2 | More numbers for the questions about SSL overheads.... | |
3 | ||
4 | The following numbers were generated on a pentium pro 200, running linux. | |
5 | They give an indication of the SSL protocol and encryption overheads. | |
6 | ||
7 | The program that generated them is an unreleased version of ssl/ssltest.c | |
8 | which is the SSLeay ssl protocol testing program. It is a single process that | |
9 | talks both sides of the SSL protocol via a non-blocking memory buffer | |
10 | interface. | |
11 | ||
12 | How do I read this? The protocol and cipher are reasonably obvious. | |
13 | The next number is the number of connections being made. The next is the | |
14 | number of bytes exchanged between the client and server side of the protocol. | |
15 | This is the number of bytes that the client sends to the server, and then | |
16 | the server sends back. Because this is all happening in one process, | |
17 | the data is being encrypted, decrypted, encrypted and then decrypted again. | |
18 | It is a round trip of that many bytes. Because the one process performs | |
19 | both the client and server sides of the protocol and it sends this many bytes | |
20 | each direction, multiply this number by 4 to generate the number | |
21 | of bytes encrypted/decrypted/MACed. The first time value is how many seconds | |
22 | elapsed doing a full SSL handshake, the second is the cost of one | |
23 | full handshake and the rest being session-id reuse. | |
24 | ||
25 | SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s | |
26 | SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s | |
27 | SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s | |
28 | SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA | |
29 | SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s | |
30 | SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s | |
31 | SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s | |
32 | ||
33 | SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s | |
34 | SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s | |
35 | SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA | |
36 | SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s | |
37 | SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s | |
38 | SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s | |
39 | ||
40 | SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s | |
41 | SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s | |
42 | SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s | |
43 | SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA | |
44 | SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s | |
45 | SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s | |
46 | SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s | |
47 | ||
48 | SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s | |
49 | SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s | |
50 | SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s | |
51 | SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA | |
52 | SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s | |
53 | SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s | |
54 | SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s | |
55 | ||
56 | What does this all mean? Well for a server, with no session-id reuse, with | |
57 | a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, | |
58 | a pentium pro 200 running linux can handle the SSLv3 protocol overheads of | |
59 | about 49 connections a second. Reality will be quite different :-). | |
60 | ||
61 | Remember the first number is 1000 full ssl handshakes, the second is | |
62 | 1 full and 999 with session-id reuse. The RSA overheads for each exchange | |
63 | would be one public and one private operation, but the protocol/MAC/cipher | |
64 | cost would be quite similar in both the client and server. | |
65 | ||
66 | eric (adding numbers to speculation) | |
67 | ||
68 | --- Appendix --- | |
69 | - The time measured is user time but these numbers are very rough. | |
70 | - Remember this is the cost of both client and server sides of the protocol. | |
72f6453c | 71 | - The TCP/kernel overhead of connection establishment is normally the |
58964a49 RE |
72 | killer in SSL. Often delays in the TCP protocol will make session-id |
73 | reuse look slower than new sessions, but this would not be the case on | |
74 | a loaded server. | |
75 | - The TCP round trip latencies, while slowing individual connections, | |
76 | would have minimal impact on throughput. | |
77 | - Instead of sending one 102400 byte buffer, one 8k buffer is sent until | |
78 | the required number of bytes are processed. | |
79 | - The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. | |
80 | - A 512bit server key was being used except where noted. | |
81 | - No server key verification was being performed on the client side of the | |
82 | protocol. This would slow things down very little. | |
83 | - The library being used is SSLeay 0.8.x. | |
84 | - The normal measuring system was commands of the form | |
85 | time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse | |
86 | This modified version of ssltest should be in the next public release of | |
87 | SSLeay. | |
88 | ||
89 | The general cipher performance numbers for this platform are | |
90 | ||
91 | SSLeay 0.8.2a 04-Sep-1997 | |
92 | built on Fri Sep 5 17:37:05 EST 1997 | |
93 | options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) | |
94 | C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized | |
95 | The 'numbers' are in 1000s of bytes per second processed. | |
96 | type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes | |
97 | md2 131.02k 368.41k 500.57k 549.21k 566.09k | |
98 | mdc2 535.60k 589.10k 595.88k 595.97k 594.54k | |
99 | md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k | |
100 | sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k | |
101 | sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k | |
102 | rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k | |
103 | des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k | |
104 | des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k | |
105 | idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k | |
106 | rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k | |
107 | blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k | |
108 | sign verify | |
109 | rsa 512 bits 0.0100s 0.0011s | |
110 | rsa 1024 bits 0.0451s 0.0012s | |
111 | rsa 2048 bits 0.2605s 0.0086s | |
112 | rsa 4096 bits 1.6883s 0.0302s | |
113 |
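
The reading rules given in the file (1000 connections per row, payload bytes multiplied by 4, first time all full handshakes, second time one full handshake plus session-id reuse) can be applied mechanically. The following is an added example, not part of the SSLeay file or of ssltest; the function and field names are assumptions, and the four rows are copied from the table above.

```python
import re

# Four rows copied from the results table above.
ROWS = """\
SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
"""

ROW_RE = re.compile(
    r"^(?P<proto>SSLv[23])\s+(?P<cipher>\S+)\s+(?P<conns>\d+)\s+x\s+(?P<size>\d+)"
    r"\s+(?P<full>\d+\.\d+)s\s+(?P<reuse>\d+\.\d+)s(?:\s+(?P<note>.+))?$"
)

def parse_row(line):
    """Split one result row into typed fields; reject anything malformed."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a result row: {line!r}")
    row = m.groupdict()
    row["conns"], row["size"] = int(row["conns"]), int(row["size"])
    row["full"], row["reuse"] = float(row["full"]), float(row["reuse"])
    if row["conns"] < 2 or row["full"] <= 0 or row["reuse"] <= 0:
        raise ValueError(f"implausible values in row: {line!r}")
    return row

def derive(row):
    """Apply the file's reading rules to one parsed row."""
    conns, size = row["conns"], row["size"]
    full, reuse = row["full"], row["reuse"]
    return {
        # First time column: every connection does a full handshake.
        "full_conn_per_s": conns / full,
        "reuse_conn_per_s": conns / reuse,
        # The reuse run still does 1 full handshake, so the difference
        # between the two columns is spread over conns - 1 handshakes.
        "handshake_ms": (full - reuse) / (conns - 1) * 1000,
        # Payload goes both ways and is processed at both ends: x4.
        # The reuse time includes protocol overhead, so this is a floor.
        "bulk_kbytes_per_s": conns * size * 4 / reuse / 1000,
    }

def analyse(text):
    rows = (parse_row(l) for l in text.splitlines() if l.strip())
    return [(r, derive(r)) for r in rows]

if __name__ == "__main__":
    for row, d in analyse(ROWS):
        print(row["cipher"], row["size"], row["note"] or "512bit RSA",
              {k: round(v, 1) for k, v in d.items()})
```

For the 1-byte RC4-MD5 rows this gives about 12.9 ms and 50.4 ms per full handshake, in line with the sign plus verify times listed for 512 and 1024 bit RSA, and the 10240-byte row reproduces the "about 49 connections a second" figure.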