David wrote:
"(AFAIS, the openssl speed tests don't really do enough connection
volume
to show much of a difference even when the crypto engine is known to be
working. )"
There is a big difference in the speed tests (although I think there's
some bug in the reporting because it changes to 0 seconds with the
crypto). The numbers per sec are way higher.
Our load testing reports the with the crypto the SSL trans are pretty
close to the speed of non-SSL trans.
[EMAIL PROTECTED]:~> openssl
OpenSSL> speed rsa512
Doing 512 bit private rsa's for 10s: 9487 512 bit private RSA's in
10.00s
Doing 512 bit public rsa's for 10s: 107193 512 bit public RSA's in
10.00s
OpenSSL 0.9.7d 17 Mar 2004
built on: Mon Nov 21 21:09:37 UTC 2005
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long)
aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int
-DOPENSSL_NO_RC5 -DOPENSSL_NO_IDEA -O2 -fsigned-char -fmessage-length=0
-Wall -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fbranch-probabilities
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.0011s 0.0001s 948.7 10719.3
[EMAIL PROTECTED]:~> openssl
OpenSSL> speed -engine ibmca rsa512
engine "ibmca" set.
Doing 512 bit private rsa's for 10s: 793 512 bit private RSA's in 0.00s
Doing 512 bit public rsa's for 10s: 769 512 bit public RSA's in 0.01s
OpenSSL 0.9.7d 17 Mar 2004
built on: Mon Nov 21 21:09:37 UTC 2005
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long)
aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int
-DOPENSSL_NO_RC5 -DOPENSSL_NO_IDEA -O2 -fsigned-char -fmessage-length=0
-Wall -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fbranch-probabilities
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.0000s 0.0000s 793000.0 76900.0
This is on a 6 IFL z9 EC with Cryptos configured as accelerators.
Marcy Cortes
This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation."
-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
David Boyes
Sent: Thursday, April 26, 2007 06:51
To: [email protected]
Subject: Re: [LINUX-390] Crypto CPACF enablement
(AFAIS, the openssl speed tests don't really do enough connection volume
to show much of a difference even when the crypto engine is known to be
working. )
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
