Hi Bernd,
I do have some perf numbers, but I haven't done a lot of comparisons yet
against other algs like AES-GCM and CBC. It would be a good idea to get
those numbers before I release what I have so far.
--Jamil
On 6/5/2018 1:38 AM, Bernd Eckenfels wrote:
Jamil, I was wandering if you have performance test numbers to share
yet? Do you have an internal acceptance criteria for it? Do we expect
it to beat unaccelerated AES256-GCM or come close to CBC performance?
Gruss
Bernd
--
http://bernd.eckenfels.net
------------------------------------------------------------------------
*From:* security-dev <[email protected]> on behalf
of Jamil Nimeh <[email protected]>
*Sent:* Tuesday, June 5, 2018 8:15:44 AM
*To:* OpenJDK Dev list
*Subject:* [Sandbox]: ChaCha20 cipher suite prototype
Hi guys,
Since this is sandbox only right now and in prototype form I wanted to
go ahead and put this out there so folks could see where the ChaCha20
cipher suite code was headed in the new handshaking model. This has
been tested with small webpages using openssl and Mozilla NSS (through
Firefox) as a client with JDK on the server side as both a standalone
server implementation and hooked into Tomcat7. I've also used JDK as a
client against openssl s_server.
Disclaimer: Because of time constraints and the blocking dependency on
the new TLS handshaking code, I want to be clear that putting this
review out is not a commitment that this feature will make JDK 11. I am
putting this out though so folks can take a look at it and hopefully get
a little ahead of the curve if there's time left to get it in after the
new handshaker goes back.
http://cr.openjdk.java.net/~jnimeh/reviews/tls13-cc20-ciphersuite/webrev.01
<http://cr.openjdk.java.net/%7Ejnimeh/reviews/tls13-cc20-ciphersuite/webrev.01>
--Jamil
