On 01/15/2015 08:31 PM, Michael StJohns wrote:
Just for curiosity, what was the improvement in performance?
Tim Whittington posted independent benchmark numbers here:
<http://mail.openjdk.java.net/pipermail/security-dev/2014-November/011458.html>
He could reproduce the 10x improvement quoted in the bug and the
original submission.
I'm wondering if it might be worthwhile to see if its possible to add a plugin
to use the hardware instructions:
http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/communications-ia-galois-counter-mode-paper.pdf
Yes, they are going to help quite a bit as well. The other thing we
need to fix for TLS is that AES-GCM is a garbage collector stress test.
Last time I looked, for each transferred byte, there were four bytes
allocated on the heap.
--
Florian Weimer / Red Hat Product Security
