Miroslav Kratochvil <[email protected]> writes:

> Hi there,
>
> I'm thinking about rewriting one of my projects from OpenSSL to GnuTLS.
> The project is a VPN, and as it basically needs only pretty good raw
> transfer speed, I began to be concerned about some rumors that my little
> search returned - those were mostly about GnuTLS being 30-50% slower
> than OpenSSL. Most of those posts were around 3-5 years old, though, so
> I'm writing here to ask:
>
> a] Is there really such a performance gap? (I don't count
> recently-discussed TLS handshake problems, I need only raw
> crypting/transfer speeds.)
> b] Do we have some kind of real benchmark? like "encrypt 50 megs with
> RSA: x,y,z seconds for gnutls/openssl/nss/..."
>
> I'm sorry if bringing this topic up isn't needed and I only got
> confused by bad google results; but I would really like someone
> to comment on this.

For bulk encryption, you probably want to compare libgcrypt vs openssl rather than gnutls vs openssl.

I benchmarked mod_gnutls vs mod_ssl under apache, using sieve, some time ago, even for large files, and the differences weren't significant (mod_ssl was typically faster but mod_gnutls was faster in some configurations).

One potential problem with mod_gnutls/gnutls was that it sent each TLS handshake message as a separate TCP packet which may slow down benchmarks, but it is not clear whether this is significant. It does not apply to bulk encryption.

I don't recall much feedback about speed issues. There is certainly room for optimization. If you can provide a good test setup to compare gnutls vs openssl in an application, I would be interested in optimizing things. However, the first step before optimization is to do good benchmarks to illustrate that there is a significant problem. My last attempt at benchmarking didn't result in any obvious problem so I didn't proceed in optimizing anything.

/Simon
