More numbers for the questions about SSL overheads....

The following numbers were generated on a Pentium pro 200, running Linux.
They give an indication of the SSL protocol and encryption overheads.

The program that generated them is an unreleased version of ssl/ssltest.c
which is the SSLeay ssl protocol testing program.  It is a single process that
talks both sides of the SSL protocol via a non-blocking memory buffer
interface.

How do I read this?  The protocol and cipher are reasonably obvious.
The next number is the number of connections being made.  The next is the
number of bytes exchanged between the client and server side of the protocol.
This is the number of bytes that the client sends to the server, and then
the server sends back.  Because this is all happening in one process,
the data is being encrypted, decrypted, encrypted and then decrypted again.
It is a round trip of that many bytes.  Because the one process performs
both the client and server sides of the protocol and it sends this many bytes
each direction, multiply this number by 4 to generate the number
of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
elapsed doing a full SSL handshake, the second is the cost of one
full handshake and the rest being session-id reuse.

SSLv2 RC4-MD5      1000 x      1   12.83s    0.70s
SSLv3 NULL-MD5     1000 x      1   14.35s    1.47s
SSLv3 RC4-MD5      1000 x      1   14.46s    1.56s
SSLv3 RC4-MD5      1000 x      1   51.93s    1.62s  1024bit RSA
SSLv3 RC4-SHA      1000 x      1   14.61s    1.83s
SSLv3 DES-CBC-SHA  1000 x      1   14.70s    1.89s
SSLv3 DES-CBC3-SHA 1000 x      1   15.16s    2.16s

SSLv2 RC4-MD5      1000 x   1024   13.72s    1.27s
SSLv3 NULL-MD5     1000 x   1024   14.79s    1.92s
SSLv3 RC4-MD5      1000 x   1024   52.58s    2.29s  1024bit RSA
SSLv3 RC4-SHA      1000 x   1024   15.39s    2.67s
SSLv3 DES-CBC-SHA  1000 x   1024   16.45s    3.55s
SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s    5.38s

SSLv2 RC4-MD5      1000 x  10240   18.97s    6.52s
SSLv3 NULL-MD5     1000 x  10240   17.79s    5.11s
SSLv3 RC4-MD5      1000 x  10240   20.25s    7.90s
SSLv3 RC4-MD5      1000 x  10240   58.26s    8.08s  1024bit RSA
SSLv3 RC4-SHA      1000 x  10240   22.96s   11.44s
SSLv3 DES-CBC-SHA  1000 x  10240   30.65s   18.41s
SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s   34.53s

SSLv2 RC4-MD5      1000 x 102400   70.22s   57.74s
SSLv3 NULL-MD5     1000 x 102400   43.73s   31.03s
SSLv3 RC4-MD5      1000 x 102400   71.32s   58.83s
SSLv3 RC4-MD5      1000 x 102400  109.66s   59.20s  1024bit RSA
SSLv3 RC4-SHA      1000 x 102400   95.88s   82.21s
SSLv3 DES-CBC-SHA  1000 x 102400  173.22s  160.55s
SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s  323.82s

What does
this all mean?  Well for a server, with no session-id reuse, with
a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
about 49 connections a second.  Reality will be quite different :-).

Remember the first number is 1000 full ssl handshakes, the second is
1 full and 999 with session-id reuse.  The RSA overheads for each exchange
would be one public and one private operation, but the protocol/MAC/cipher
cost would be quite similar in both the client and server.

eric (adding numbers to speculation)

--- Appendix ---
- The time measured is user time but these numbers are very rough.
- Remember this is the cost of both client and server sides of the protocol.
- The TCP/kernel overhead of connection establishment is normally the
  killer in SSL.  Often delays in the TCP protocol will make session-id
  reuse look slower than new sessions, but this would not be the case on
  a loaded server.
- The TCP round trip latencies, while slowing individual connections,
  would have minimal impact on throughput.
- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
  the required number of bytes are processed.
- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
- A 512bit server key was being used except where noted.
- No server key verification was being performed on the client side of the
  protocol.  This would slow things down very little.
- The library being used is SSLeay 0.8.x.
- The normal measuring system was commands of the form
  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
  This modified version of ssltest should be in the next public release of
  SSLeay.

The general cipher performance numbers for this platform are

SSLeay 0.8.2a 04-Sep-1997
built on Fri Sep 5 17:37:05 EST 1997
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
The 'numbers' are in 1000s of bytes per second processed.
type               8 bytes    64 bytes   256 bytes  1024 bytes  8192 bytes
md2                131.02k     368.41k     500.57k     549.21k     566.09k
mdc2               535.60k     589.10k     595.88k     595.97k     594.54k
md5               1801.53k    9674.77k   17484.03k   21849.43k   23592.96k
sha               1261.63k    5533.25k    9285.63k   11187.88k   11913.90k
sha1              1103.13k    4782.53k    7933.78k    9472.34k   10070.70k
rc4              10722.53k   14443.93k   15215.79k   15299.24k   15219.59k
des cbc           3286.57k    3827.73k    3913.39k    3931.82k    3926.70k
des ede3          1443.50k    1549.08k    1561.17k    1566.38k    1564.67k
idea cbc          2203.64k    2508.16k    2538.33k    2543.62k    2547.71k
rc2 cbc           1430.94k    1511.59k    1524.82k    1527.13k    1523.33k
blowfish cbc      4716.07k    5965.82k    6190.17k    6243.67k    6234.11k
                    sign    verify
rsa  512 bits    0.0100s   0.0011s
rsa 1024 bits    0.0451s   0.0012s
rsa 2048 bits    0.2605s   0.0086s
rsa 4096 bits    1.6883s   0.0302s
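
The reading rules given above, applied to a few rows of the results table, as an added example (not part of the original note or of SSLeay). It recovers the 49 connections a second figure, the extra cost per full handshake of a 1024 bit key over a 512 bit one, and the RC4-MD5 bulk rate next to the rc4 and md5 speed numbers. The function names are hypothetical, and treating the MAC as a single md5 pass over the data is an assumption.

```python
import re
# Added example; helper names are hypothetical. Rows copied from this page's tables.
ROWS = """\
SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
"""
# 8192-byte column of the page's speed table, in 1000s of bytes per second.
SPEED_K = {"rc4": 15219.59, "md5": 23592.96}
ROW_RE = re.compile(r"(\S+) (\S+) (\d+) x (\d+) ([\d.]+)s ([\d.]+)s(?: (\d+)bit RSA)?$")

def parse(text):
    """Parse result rows; the key is 512 bits unless the row says otherwise."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(" ".join(line.split()))  # collapse column padding
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        proto, cipher, n, size, full, reuse, bits = m.groups()
        rows.append({"proto": proto, "cipher": cipher, "n": int(n), "size": int(size),
                     "full": float(full), "reuse": float(reuse), "rsa": int(bits or 512)})
    return rows

def find(rows, cipher, size, rsa=512):
    return next(r for r in rows if (r["cipher"], r["size"], r["rsa"]) == (cipher, size, rsa))

def conns_per_sec(row):
    """Full-handshake connections per second (client and server work combined)."""
    return row["n"] / row["full"]

def rsa_extra_per_handshake(rows, cipher, size):
    """Extra seconds per full handshake with a 1024 bit key instead of 512 bit."""
    big, small = find(rows, cipher, size, 1024), find(rows, cipher, size)
    return (big["full"] - small["full"]) / big["n"]

def bulk_rate(rows, cipher, size):
    """Bytes/s through cipher+MAC: reuse-run time beyond the 1-byte run, over 4x payload."""
    big, tiny = find(rows, cipher, size), find(rows, cipher, 1)
    return 4 * big["size"] * big["n"] / (big["reuse"] - tiny["reuse"])

def predicted_rate(cipher_k, mac_k):
    """Assumption: each byte costs one cipher pass plus one MAC hash pass."""
    return 1000.0 / (1.0 / cipher_k + 1.0 / mac_k)

if __name__ == "__main__":
    rows = parse(ROWS)
    print(conns_per_sec(find(rows, "RC4-MD5", 10240)), rsa_extra_per_handshake(rows, "RC4-MD5", 1),
          bulk_rate(rows, "RC4-MD5", 102400), predicted_rate(SPEED_K["rc4"], SPEED_K["md5"]))
```

The per-handshake difference it reports can be set against the rsa 512 and 1024 bit sign and verify times in the table above.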