On 25/03/2019 17:04, RA wrote: > After some relentless testing, I figured that its not related to AES-NI as > mbedtls is indeed using it. Confirmed it by commenting "#define > MBEDTLS_AESNI_C" in mbedtls config and re-compiling the library which > resulted in further degradation of OpenVPN performance. My confusion arose > from the fact the mbedtls is performing poorer than OpenSSL in most > environments. > > Loss of performance in comparison to OpenSSL has some other reason and I am > unable to find that out. I tried compiling & testing OpenVPN with mbedtls > on Debian, CentOS and Alpine (same system. just re-installed the OS). And > for some reason OpenVPN-mbedtls performs equal or better than > OpenVPN-OpenSSL on Alpine, all other things being identical. But poorer on > the rest.
OpenSSL is highly optimized, with lots of assembly code on many platforms. mbed TLS does not carry this kind of optimizations. On the other hand, the mbed TLS source code is quite pleasant to read compared to the OpenSSL source code. Why you experience better performance on Alpine is hard to understand, but might be related to generic compiler flags being set by default in that distro. I recall many years ago when I used Gentoo, I recompiled OpenOffice.org instead of using the pre-built binaries. That boosted the startup of OpenOffice.org by 20-25 seconds. (It also took 8 hours to compile on the hardware those days, but that's a different story ;-)) -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
