How about mobile? What about the initial key exchange that SSL/TLS does? I thought that was the biggest CPU killer?
S.

----- Original Message -----
From: "Julien Vehent" <jul...@linuxwall.info>
To: "Julien Pierre" <julien.pie...@oracle.com>
Cc: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Thursday, September 12, 2013 10:35:06 PM
Subject: Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

On 2013-09-12 22:01, Julien Pierre wrote:
> Julien,
>
> On 9/12/2013 07:06, Julien Vehent wrote:
>> If performance was the only reason to prefer AES-128, I would disagree
>> with the proposal. But your other arguments regarding AES-256 not providing
>> additional security, are convincing.
>
> The performance is still an issue for servers. More servers are needed if
> more CPU-intensive crypto algorithms are used.

aes-256-cbc with AES-NI does 543763.11kB/s. That's 4.35Gbps of AES bandwidth on a single core. On a decent 8 core load balancer, dedicate 4 to TLS, and you get 17.40Gbps of AES bandwidth.

I don't think AES is close to being the limiting factor here. Processing HTTP is probably 20 times more expensive than that.

Just reinforcing the point that performance is not, in my opinion, an issue. The quality of AES-256 is much more relevant here.

---
Julien Vehent
http://jve.linuxwall.info
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto