Benchmark:
AES256: 1.7 MByte/s
AES512: 1.7 MByte/s
SHA: 4.0 MByte/s
SHA256: 2.3 MByte/s
AES GCM: 0.6 MByte/s

Send and Receive:
AES GCM: 4.4 Mbit/s
AES256 + SHA256: 5.2 Mbit/s
AES128 + SHA: 6.5 Mbit/s
No Enc + SHA: 13 Mbit/s

AES GCM seems to be ok, 4.4 Mbit/s is a bit less than 0.6*8 = 4.8 Mbit/s but there is overhead by the TLS stack.
AES256 + SHA256 is already a bit strange because 5.2 Mbit/s is much less than 1.7*8 = 13.6 Mbit/s and 2.3*8 = 18.4 Mbit/s, or is this normal because both algorithms have to be applied?
No Enc + SHA is now really weird since 13 Mbit/s is very far from the benchmark result of 4*8 = 32 Mbit/s.

Are the results reasonable? Do I miss something important?

I also checked the pure TCP performance (no wolfSSL) of my TLS stack and it was able to do 37 Mbit/s (no processing, just raw send and receive). I guess the processing also takes time and therefore decreases the performance.

Typically when we do benchmarking, we benchmark the cryptography algorithms versus benchmarking a send or recv that would include I/O operations.  The underlying cryptography is going to be the most performance intensive operations of the SSL/TLS connection, where sending or receiving data over a network or transport medium is going to have many more factors in play than the SSL/TLS library.

We ship a crypto benchmark application with wolfSSL, located in the <wolfssl_root>/wolfcrypt/benchmark/benchmark.c file.  If you are compiling this on an embedded platform, you can define NO_MAIN_DRIVER to compile out the main() from benchmark.c if you have your own driver/main().  You can also define BENCH_EMBEDDED when compiling the library/benchmark.c to use less memory.  benchmark.c contains individual crypto benchmark functions (ex: bench_aes(), bench_rsa(), etc.) which can be called individually, or you can call benchmark_test() which will call all of the enabled crypto benchmarks.

Going back to your mentioned benchmark, do you know if both connections were using the same cipher suite, key length, and application code?

Thanks,
Chris

recently I did some first performance measurements with two boards, one is running the wolfSSL Client and the other one is running the wolfSSL Server.

The following options that are important for the measurements are set:
#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8
#define NO_FILESYSTEM
#define USE_CERT_BUFFERS_2048
#define SINGLE_THREADED
#define CHAR_BIT 8
#define TFM_NO_ASM
#define USE_FAST_MATH
#define HAVE_AESGCM
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256

So a connection between the boards is established with RSA and AES128 in GCM.

In the first test, the client is sending to the server at maximum speed:

static char data[1452];

while(1)
{
    wolfSSL_send(ssl, data, sizeof(data), 0);
}

The resulting speed (measured with wireshark) is at 4,4 Mbit/s. The result seems to be quite reasonable, since there is no
hardware acceleration. (is it really, what do you think? I am using a TriCore with 300 MHz)

But now there appears to be a problem when I let the server send to the client. The client connects to the server and then the server sends to the client at maximum speed, using the same code as above.
The resulting speed is now much lower, at around 120 kbit/s.

Can someone please help by telling me what might be the cause of this difference. Actually I expected that the speed in both directions should be pretty much the same.

Best regards,
hstr