Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
Strony: 1
Cześć
W Debianie mam teraz:
# root ~> openssl version OpenSSL 1.1.1n 15 Mar 2022
# root ~> openssl speed aes-256-cbc aes-128-cbc Doing aes-128 cbc for 3s on 16 size blocks: 30318019 aes-128 cbc's in 2.27s Doing aes-128 cbc for 3s on 64 size blocks: 7658597 aes-128 cbc's in 2.24s Doing aes-128 cbc for 3s on 256 size blocks: 1908891 aes-128 cbc's in 2.23s Doing aes-128 cbc for 3s on 1024 size blocks: 485743 aes-128 cbc's in 2.24s Doing aes-128 cbc for 3s on 8192 size blocks: 61134 aes-128 cbc's in 2.25s Doing aes-128 cbc for 3s on 16384 size blocks: 30900 aes-128 cbc's in 2.28s Doing aes-256 cbc for 3s on 16 size blocks: 22674127 aes-256 cbc's in 2.25s Doing aes-256 cbc for 3s on 64 size blocks: 5806043 aes-256 cbc's in 2.26s Doing aes-256 cbc for 3s on 256 size blocks: 1440600 aes-256 cbc's in 2.21s Doing aes-256 cbc for 3s on 1024 size blocks: 366218 aes-256 cbc's in 2.26s Doing aes-256 cbc for 3s on 8192 size blocks: 45787 aes-256 cbc's in 2.25s Doing aes-256 cbc for 3s on 16384 size blocks: 22598 aes-256 cbc's in 2.23s OpenSSL 1.1.1n 15 Mar 2022 built on: Sun Feb 5 21:23:17 2023 UTC options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-8bYUb4/openssl-1.1.1n=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128 cbc 213695.29k 218817.06k 219137.26k 222053.94k 222582.10k 222046.32k aes-256 cbc 161238.24k 164418.92k 166874.93k 165932.40k 166705.38k 166029.43k
Tymczasem w Gentoo zainstalowałem:
# root ~> openssl version OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
# root ~> openssl speed aes-256-cbc aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 100725570 aes-128-cbc's in 2.35s Doing aes-128-cbc for 3s on 64 size blocks: 27008071 aes-128-cbc's in 2.35s Doing aes-128-cbc for 3s on 256 size blocks: 6858985 aes-128-cbc's in 2.35s Doing aes-128-cbc for 3s on 1024 size blocks: 1729665 aes-128-cbc's in 2.36s Doing aes-128-cbc for 3s on 8192 size blocks: 215310 aes-128-cbc's in 2.34s Doing aes-128-cbc for 3s on 16384 size blocks: 107908 aes-128-cbc's in 2.35s Doing aes-256-cbc for 3s on 16 size blocks: 74520716 aes-256-cbc's in 2.36s Doing aes-256-cbc for 3s on 64 size blocks: 19510395 aes-256-cbc's in 2.36s Doing aes-256-cbc for 3s on 256 size blocks: 4956794 aes-256-cbc's in 2.36s Doing aes-256-cbc for 3s on 1024 size blocks: 1235805 aes-256-cbc's in 2.35s Doing aes-256-cbc for 3s on 8192 size blocks: 154453 aes-256-cbc's in 2.35s Doing aes-256-cbc for 3s on 16384 size blocks: 77345 aes-256-cbc's in 2.36s version: 3.0.8 built on: Sun Apr 30 03:40:26 2023 UTC options: bn(64,64) compiler: x86_64-pc-linux-gnu-gcc -fPIC -pthread -m64 -Wa,--noexecstack -march=native -O3 -fgraphite-identity -floop-n> CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x27ab The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128-cbc 685791.11k 735538.95k 747191.56k 750498.71k 753769.03k 752325.39k aes-256-cbc 505225.19k 529095.46k 537686.13k 538495.46k 538416.59k 536957.83k
Różnica w prędkości szyfrowania AES (w obu systemach ten sam procesor) wynika z użycia w nowym Openssl mechanizmu KernelTLS.
Jak widać, na moim procku ktls przyspieszył szyfrowanie openssl AES-256 o 222%:
echo "scale=2; 536957.83/166705.38" |bc -l 3.22
Pomysł opisany tutaj:
https://www.nginx.com/blog/improving-nginx-performa … h-kernel-tls/
W Debianie na razie trzeba do tego mechanizmu zbudować samodzielnie kernel:
grep CONFIG_TLS /boot/config-5.10.0-22-amd64 # CONFIG_TLS is not set
ale zdaje się, że w testingu to poprawili lub poprawią niebawem:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919807
EDIT:
poprawili w jaju z backportów:
# root ~> grep CONFIG_TLS /boot/config-6.1.0-0.deb11.6-amd64 CONFIG_TLS=m CONFIG_TLS_DEVICE=y
Pozdro
Ostatnio edytowany przez Jacekalex (2023-04-30 07:21:08)
Offline
Strony: 1