ietf-nntp TLS cipher renegotiation to NULL cipher

Eric Rescorla ekr at rtfm.com
Tue Feb 11 22:35:02 PST 2003


> Charles Lindsey <chl at clw.cs.man.ac.uk> writes:
> I see no benefit gained from making these sorts of comments.  They just
> insult other people and do not get us any closer to practical solutions or
> analysis of problems, including where NNTP problems are similar or
> different from problems in other protocols.  No one is trying to get
> anyone to do anything that doesn't work for their protocol, but no one is
> an expert on everything that is done out there.  And sometimes the things
> that seem to be unique to a particular protocol aren't, after one gets
> some hard numbers and detailed information.

In the interest of hard information, the situation is roughly as follows:
Performance of the various algorithms varies quite a bit depending on
processor, platform, crypto implementation, etc.

The following benchmarks are on a dual Athlon 2000+ running
Red Hat 7.3 and OpenSSL 0.9.6g:

HMAC-MD5: 342MB/sec
SHA-1:	  161MB/sec (assume about 10% overhead to go to HMAC)
RC4:	  156MB/sec

These numbers probably overstate the average difference, since
OpenSSL uses assembly for the digests on Linux, but uses C
for RC4.

These benchmarks are just for the crypto, not the SSL record
processing or TCP, both of which of course add some overhead.
However, purely from a crypto perspective, we'd expect that
the RC4/SHA combination would be capable of processing about
80 MB/s.

-Ekr




