Topic: Performance wolfSSL v/s OpenSSL

I am comparing performance of wolfSSL v/s OpenSSL. I have noticed a huge performance gaps in profiling SSL connection establishment (followed by close) with wolfSSL and OpenSSL.

wolfSSL is taking ~5 times more time compared with OpenSSL.
wolfSSL performance have been evaluated using benchmark flag in command line.

Please suggest if I am incorrectly using wolfSSL.

Share

Re: Performance wolfSSL v/s OpenSSL

Hi,

Let's start with the basics.  What platform are you on?  What version of wolfSSL embedded SSL are you using?  How did you ./configure wolfSSL?  wolfSSL is using RSA 2048 bit keys.  Are you using the same keys when comparing?  The same cipher suite and protocol version?

How did you benchmark OpenSSL connection time?  Which version of OpenSSL?

If wolfSSL <-> OpenSSL is much faster than wolfSSL <-> wolfSSL then that suggests to me that you may be using different key sizes.

Thanks for the help,
-Todd

Share

Re: Performance wolfSSL v/s OpenSSL

Hi Todd,

Thanks for the response.
Following are requested details. Also after tweaking some command line arguments and code in client application, I am getting speed of OpenSSL client ~1.3 times better than wolfSSL (and not 5 times better)

OS: Windows 7 32-bit
wolfSSL version: 2.7.2
Compiled wolfSSL solution under VS 2010 Release mode
Cipher Suite negotiated: TLS_RSA_WITH_RC4_128_SHA

Tested both wolfSSL client and OpenSSL client with a SSL Web server locally created.

wolfSSL
==========
wolfSSL ran with following command line argument
>client.exe -h 127.0.0.1 -p 443 -v 0 -b 1000 -d -x -f
Also added wolfSSL_set_quiet_shutdown(ssl, 1); after wolfSSL_new(ctx); in client.c to simulate both test apps behavior.

OpenSSL
===========
OpenSSL client ran with following command line arguments
127.0.0.1 5000 1000

PFA ssl_client OpenSSL client application code.
Please let me know if any other details required. Also please suggest, how much performance gain is expected in wolfSSL over OpenSSL for connection establishment and for data exchange.

Post's attachments

SSL_Client.cpp 3.67 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

Re: Performance wolfSSL v/s OpenSSL

Hi,

Are you compiling wolfSSL with fastmath or the normal big integer library.  Fastmath can be enabled by adding USE_FAST_MATH to your preprocessor flags and compile in tfm.c instead of integer.c.

Best Regards,
Chris

Re: Performance wolfSSL v/s OpenSSL

Hi Chris,

Thanks for the suggestion. As per your suggestion, I have compiled using USE_FAST_MATH flag (and replacing integer.c by tfm.c). Now my wolfSSL Client performance is very similar to OpenSSL Client (around 5.4 sec for 1000 connections).

Is this the best I can achieve using wolfSSL or you have any suggestions for me to get better performance from wolfSSL. Also please update expected performance from wolfSSL. Thanks!

Regards,
Nikhil

Share

Re: Performance wolfSSL v/s OpenSSL

Hi Nikhil,

Is this the best I can achieve using wolfSSL or you have any suggestions for me to get better performance from wolfSSL.

This is probably close to the best, unless you have a processor which supports Intel's AES-NI, or you can do further speed optimizations through your compiler.

You can also switch to a faster cipher suite, as long as you don't need to use TLS_RSA_WITH_RC4_128_SHA.  For instance, our HC-128 stream cipher is our fastest cipher available - even faster than RC4.  You can see a relative speed graph here:  http://yassl.com/yaSSL/benchmarks-cyassl.html.

Also please update expected performance from wolfSSL.

Can you clarify what expected performance you are referring to?

Thanks,
Chris

Re: Performance wolfSSL v/s OpenSSL

Thanks Chrisc for the satisfactory response.

Although wolfSSL is far simpler than OpenSSL, I was expecting better performance over OpenSSL. But as per your response, I think there is not much difference in wolfSSL and OpenSSL when comparing performance (speed).

Let me revisit my requirements and get back to you in case I find problems during replacing OpenSSL with wolfSSL.

Regards,
Nikhil Agrawal

Share