- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Sun, 17 Aug 2014 15:08:44 +0300
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Eliot Lear <lear@cisco.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Aug 17, 2014 at 07:31:54AM +0000, Poul-Henning Kamp wrote:
> --------
> In message <53F0496A.9040307@cisco.com>, Eliot Lear writes:
> >
> >This presumes that the use of weak cipher suites is actually cheaper to
> >the end points than strong ones. Is that really the case?
>
> I think it is an implicit requirement that a COTS server can do 10Gbit/s.

Well, here are some rough estimates (may be quite a bit off) based on
some benchmark data I found.

- Haswell CPU (Ivy Bridge CPU)
- 10^10 bits per second unidirectional
- Large packets
- CPU use in core-GHz (cGHz):

AES128-GCM: ~1.3 (~3.2) cGHz
AES256-GCM: ~1.7 (~3.6) cGHz
Chacha20-Poly1305[1]: ~2.3 (~4.4) cGHz

This does not include extra processing from handshaking, but with
long-lived connections (and session resumption), it should be relatively
small load.

I think typical total capacity of single-CPU servers is about 10-14 cGHz.

[1] 256-bit, Not in TLS (might be soonish), friendly to systems with
no AES and/or GCM support in HW.

-Ilari
Received on Sunday, 17 August 2014 12:09:10 UTC