diff options
| author | ryker <> | 1998-10-05 20:13:14 +0000 |
|---|---|---|
| committer | ryker <> | 1998-10-05 20:13:14 +0000 |
| commit | aeeae06a79815dc190061534d47236cec09f9e32 (patch) | |
| tree | 851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/test/times | |
| parent | a4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff) | |
| download | openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2 openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip | |
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
Diffstat (limited to 'src/lib/libssl/test/times')
| -rw-r--r-- | src/lib/libssl/test/times | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times new file mode 100644 index 0000000000..49aeebf216 --- /dev/null +++ b/src/lib/libssl/test/times | |||
| @@ -0,0 +1,113 @@ | |||
| 1 | |||
| 2 | More number for the questions about SSL overheads.... | ||
| 3 | |||
| 4 | The following numbers were generated on a pentium pro 200, running linux. | ||
| 5 | They give an indication of the SSL protocol and encryption overheads. | ||
| 6 | |||
| 7 | The program that generated them is an unreleased version of ssl/ssltest.c | ||
| 8 | which is the SSLeay ssl protocol testing program. It is a single process that | ||
| 9 | talks both sides of the SSL protocol via a non-blocking memory buffer | ||
| 10 | interface. | ||
| 11 | |||
| 12 | How do I read this? The protocol and cipher are reasonable obvious. | ||
| 13 | The next number is the number of connections being made. The next is the | ||
| 14 | number of bytes exchanged bewteen the client and server side of the protocol. | ||
| 15 | This is the number of bytes that the client sends to the server, and then | ||
| 16 | the server sends back. Because this is all happening in one process, | ||
| 17 | the data is being encrypted, decrypted, encrypted and then decrypted again. | ||
| 18 | It is a round trip of that many bytes. Because the one process performs | ||
| 19 | both the client and server sides of the protocol and it sends this many bytes | ||
| 20 | each direction, multiply this number by 4 to generate the number | ||
| 21 | of bytes encrypted/decrypted/MACed. The first time value is how many seconds | ||
| 22 | elapsed doing a full SSL handshake, the second is the cost of one | ||
| 23 | full handshake and the rest being session-id reuse. | ||
| 24 | |||
| 25 | SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s | ||
| 26 | SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s | ||
| 27 | SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s | ||
| 28 | SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA | ||
| 29 | SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s | ||
| 30 | SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s | ||
| 31 | SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s | ||
| 32 | |||
| 33 | SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s | ||
| 34 | SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s | ||
| 35 | SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA | ||
| 36 | SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s | ||
| 37 | SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s | ||
| 38 | SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s | ||
| 39 | |||
| 40 | SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s | ||
| 41 | SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s | ||
| 42 | SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s | ||
| 43 | SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA | ||
| 44 | SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s | ||
| 45 | SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s | ||
| 46 | SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s | ||
| 47 | |||
| 48 | SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s | ||
| 49 | SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s | ||
| 50 | SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s | ||
| 51 | SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA | ||
| 52 | SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s | ||
| 53 | SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s | ||
| 54 | SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s | ||
| 55 | |||
| 56 | What does this all mean? Well for a server, with no session-id reuse, with | ||
| 57 | a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, | ||
| 58 | a pentium pro 200 running linux can handle the SSLv3 protocol overheads of | ||
| 59 | about 49 connections a second. Reality will be quite different :-). | ||
| 60 | |||
| 61 | Remeber the first number is 1000 full ssl handshakes, the second is | ||
| 62 | 1 full and 999 with session-id reuse. The RSA overheads for each exchange | ||
| 63 | would be one public and one private operation, but the protocol/MAC/cipher | ||
| 64 | cost would be quite similar in both the client and server. | ||
| 65 | |||
| 66 | eric (adding numbers to speculation) | ||
| 67 | |||
| 68 | --- Appendix --- | ||
| 69 | - The time measured is user time but these number a very rough. | ||
| 70 | - Remember this is the cost of both client and server sides of the protocol. | ||
| 71 | - The TCP/kernal overhead of connection establishment is normally the | ||
| 72 | killer in SSL. Often delays in the TCP protocol will make session-id | ||
| 73 | reuse look slower that new sessions, but this would not be the case on | ||
| 74 | a loaded server. | ||
| 75 | - The TCP round trip latencies, while slowing indervidual connections, | ||
| 76 | would have minimal impact on throughput. | ||
| 77 | - Instead of sending one 102400 byte buffer, one 8k buffer is sent until | ||
| 78 | - the required number of bytes are processed. | ||
| 79 | - The SSLv3 connections were actually SSLv2 compatable SSLv3 headers. | ||
| 80 | - A 512bit server key was being used except where noted. | ||
| 81 | - No server key verification was being performed on the client side of the | ||
| 82 | protocol. This would slow things down very little. | ||
| 83 | - The library being used is SSLeay 0.8.x. | ||
| 84 | - The normal mesauring system was commands of the form | ||
| 85 | time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse | ||
| 86 | This modified version of ssltest should be in the next public release of | ||
| 87 | SSLeay. | ||
| 88 | |||
| 89 | The general cipher performace number for this platform are | ||
| 90 | |||
| 91 | SSLeay 0.8.2a 04-Sep-1997 | ||
| 92 | built on Fri Sep 5 17:37:05 EST 1997 | ||
| 93 | options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) | ||
| 94 | C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized | ||
| 95 | The 'numbers' are in 1000s of bytes per second processed. | ||
| 96 | type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes | ||
| 97 | md2 131.02k 368.41k 500.57k 549.21k 566.09k | ||
| 98 | mdc2 535.60k 589.10k 595.88k 595.97k 594.54k | ||
| 99 | md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k | ||
| 100 | sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k | ||
| 101 | sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k | ||
| 102 | rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k | ||
| 103 | des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k | ||
| 104 | des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k | ||
| 105 | idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k | ||
| 106 | rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k | ||
| 107 | blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k | ||
| 108 | sign verify | ||
| 109 | rsa 512 bits 0.0100s 0.0011s | ||
| 110 | rsa 1024 bits 0.0451s 0.0012s | ||
| 111 | rsa 2048 bits 0.2605s 0.0086s | ||
| 112 | rsa 4096 bits 1.6883s 0.0302s | ||
| 113 | |||