1

(6 replies, posted in wolfSSL (formerly CyaSSL))

Thanks Chrisc for the satisfactory response.

Although wolfSSL is far simpler than OpenSSL, I was expecting better performance over OpenSSL. But as per your response, I think there is not much difference in wolfSSL and OpenSSL when comparing performance (speed).

Let me revisit my requirements and get back to you in case I find problems during replacing OpenSSL with wolfSSL.

Regards,
Nikhil Agrawal

2

(6 replies, posted in wolfSSL (formerly CyaSSL))

Hi Chris,

Thanks for the suggestion. As per your suggestion, I have compiled using USE_FAST_MATH flag (and replacing integer.c by tfm.c). Now my wolfSSL Client performance is very similar to OpenSSL Client (around 5.4 sec for 1000 connections).

Is this the best I can achieve using wolfSSL or you have any suggestions for me to get better performance from wolfSSL. Also please update expected performance from wolfSSL. Thanks!

Regards,
Nikhil

3

(6 replies, posted in wolfSSL (formerly CyaSSL))

Hi Todd,

Thanks for the response.
Following are requested details. Also after tweaking some command line arguments and code in client application, I am getting speed of OpenSSL client ~1.3 times better than wolfSSL (and not 5 times better)

OS: Windows 7 32-bit
wolfSSL version: 2.7.2
Compiled wolfSSL solution under VS 2010 Release mode
Cipher Suite negotiated: TLS_RSA_WITH_RC4_128_SHA

Tested both wolfSSL client and OpenSSL client with a SSL Web server locally created.

wolfSSL
==========
wolfSSL ran with following command line argument
>client.exe -h 127.0.0.1 -p 443 -v 0 -b 1000 -d -x -f
Also added wolfSSL_set_quiet_shutdown(ssl, 1); after wolfSSL_new(ctx); in client.c to simulate both test apps behavior.

OpenSSL
===========
OpenSSL client ran with following command line arguments
127.0.0.1 5000 1000

PFA ssl_client OpenSSL client application code.
Please let me know if any other details required. Also please suggest, how much performance gain is expected in wolfSSL over OpenSSL for connection establishment and for data exchange.

I am comparing performance of wolfSSL v/s OpenSSL. I have noticed a huge performance gaps in profiling SSL connection establishment (followed by close) with wolfSSL and OpenSSL.

wolfSSL is taking ~5 times more time compared with OpenSSL.
wolfSSL performance have been evaluated using benchmark flag in command line.

Please suggest if I am incorrectly using wolfSSL.

5

(2 replies, posted in wolfSSL (formerly CyaSSL))

Thanks Chrisc for the detailed response. Let me re-check how can i proceed to integrate wolfSSL embedded SSL in my application instead of OpenSSL.

6

(2 replies, posted in wolfSSL (formerly CyaSSL))

I have my SSL Accelerator project working with OpenSSL. I am trying to replace OpenSSL by wolfSSL for POC purpose. I am facing problem which replacing OpenSSL API for which I don't find any respective API in wolfSSL. Following are few API example which I am not able to replace
a. SSL_get_privatekey
b. X509_set_version
c. X509_set_serialNumber
d. X509_NAME_add_entry_by_txt
e. X509_sign
and similarly many more

though i have successfully replaced wolfSSL_CTX_new, wolfSSLv23_server_method, wolfSSL_CTX_use_PrivateKey_file, wolfSSL_BIO etc.

Please suggest how to proceed for completely replacing OpenSSL API