After some relentless testing, I figured that its not related to AES-NI as mbedtls is indeed using it. Confirmed it by commenting "#define MBEDTLS_AESNI_C" in mbedtls config and re-compiling the library which resulted in further degradation of OpenVPN performance. My confusion arose from the fact the mbedtls is performing poorer than OpenSSL in most environments.
Loss of performance in comparison to OpenSSL has some other reason and I am unable to find that out. I tried compiling & testing OpenVPN with mbedtls on Debian, CentOS and Alpine (same system. just re-installed the OS). And for some reason OpenVPN-mbedtls performs equal or better than OpenVPN-OpenSSL on Alpine, all other things being identical. But poorer on the rest. _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
