It's because CBC requires the use of an HMAC which cannot be accelerated. With GCM you bake it in.
On Monday, April 24, 2017 at 7:05:17 PM UTC+2, Peter Veentjer wrote:
> Thanks for the reply.
>
> The TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 does indeed give a big boost; 350%
>
> But when using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (the default ciphersuite
> from SSLEngine on my testboxes) the improvements were very marginal. At
> least in my benchmark.
>
> On Thursday, April 20, 2017 at 8:51:11 PM UTC+3, Peter Veentjer wrote:
>> What kind of performance gain is to be expected when switching from the
>> JDK provided SSLEngine to OpenSSL?
>>
>> I know this is a difficult question to answer because it depends on a lot
>> of factors. But is OpenSSL the best thing since sliced bread and should
>> always be used or are there any performance related reasons not to use
>> OpenSSL?
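An added example, not part of the thread and not Netty's own code: one way to build a Netty server `SslContext` that uses the OpenSSL engine when it is available and pins the GCM suite discussed above, so the CBC default is never negotiated. The class name `GcmSslContext` and the PEM file arguments are assumptions; it expects `netty-handler` (and, for OpenSSL, `netty-tcnative`) on the classpath.

```java
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;

import java.io.File;
import java.util.Collections;
import java.util.List;

// Hypothetical helper class; its name and the file arguments are assumptions.
public final class GcmSslContext {
    // The AEAD suite that showed the large gain in the thread.
    static final List<String> SUITES =
            Collections.singletonList("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    static SslContext build(File certChainPem, File privateKeyPem) throws Exception {
        // Use the OpenSSL engine only when netty-tcnative actually loaded;
        // otherwise fall back to the JDK SSLEngine instead of failing at startup.
        SslProvider provider = OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
        if (provider == SslProvider.JDK) {
            System.err.println("OpenSSL unavailable: " + OpenSsl.unavailabilityCause());
        }
        return SslContextBuilder.forServer(certChainPem, privateKeyPem)
                .sslProvider(provider)
                .ciphers(SUITES) // pin the suite so a CBC suite is never silently chosen
                .build();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = certificate chain (PEM), args[1] = private key (PEM)
        SslContext ctx = build(new File(args[0]), new File(args[1]));
        System.out.println("server=" + ctx.isServer() + " suites=" + ctx.cipherSuites());
    }
}
```

Pinning a single suite means clients that do not offer it will fail the handshake, so check client compatibility before deploying such a list.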
