Re: [TLS] record layer limits of TLS1.3
Vlad Krasnov <vlad@cloudflare.com> Thu, 24 November 2016 15:42 UTC
Return-Path: <vlad@cloudflare.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EBDE129888 for <tls@ietfa.amsl.com>; Thu, 24 Nov 2016 07:42:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eC5Gk8EPqZO0 for <tls@ietfa.amsl.com>; Thu, 24 Nov 2016 07:42:00 -0800 (PST)
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CA51129655 for <tls@ietf.org>; Thu, 24 Nov 2016 07:41:42 -0800 (PST)
Received: by mail-pg0-x233.google.com with SMTP id x23so19743326pgx.1 for <tls@ietf.org>; Thu, 24 Nov 2016 07:41:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LGrn09NobWEohfSGlqwDuUE6PQqt2vPWCzkRNYoakLo=; b=xZCXIXX7PpUg/+NWYd7oMohTcU08up8YCdiLLZ7n53mR/HPDd6jFMQsIF25gKMMvSC i+vKAie39BqohmzSIsTybiKf02wTZNiEMIwYS+9B6i5TXWLML/2Cn+o6tTaC++qQxXIt YHnOTA/q8q+2mxsXXJo69tmjftAtGC1BakUYk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LGrn09NobWEohfSGlqwDuUE6PQqt2vPWCzkRNYoakLo=; b=Ki0bIz3nWKB9kZsBnlPAJesOo559EXDgGLoCBWDFK9IlrSlZ5nnEQwk/HKQQX/1EG/ hKjXTjtt0XaOf5AP19cK+fAYwwv6Vo4ESF1zD5+HQGyn2WFNciI3AacMEghSLbEO5bjp DVoHCdBq2KEHs9+hFBlY6rgexIGQW5wp+J+zCGxyHROhbdkyRinD32yjBfYDzUm2BKkZ 9X5Y5F1cYhF1uPnOpqfF5n4ga0t+x+o2EXZLyLFVao4J8zOsqLkZR5IoD3SDZtf9iPX7 Mjr+mZWWkEurXxFK+QHA0AeQZ6pKTc/SDGEE8i0mNPuzeL9j0FnJGjzr9M58MDD38cFi 2SNA==
X-Gm-Message-State: AKaTC00jSOQjIiDRDQ3BGyO7HGVcJ2Bn/pqlHwYkJG73fWnF6AkU1g/Bdj0TWZRinkD5WYRD
X-Received: by 10.99.164.9 with SMTP id c9mr5308459pgf.141.1480002101619; Thu, 24 Nov 2016 07:41:41 -0800 (PST)
Received: from ?IPv6:2601:645:8302:ef30:6dd1:b721:198b:ae4? ([2601:645:8302:ef30:6dd1:b721:198b:ae4]) by smtp.gmail.com with ESMTPSA id v76sm61314839pfk.77.2016.11.24.07.41.40 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 24 Nov 2016 07:41:41 -0800 (PST)
Content-Type: text/plain; charset="windows-1251"
Mime-Version: 1.0 (1.0)
From: Vlad Krasnov <vlad@cloudflare.com>
X-Mailer: iPhone Mail (14A456)
In-Reply-To: <EF04436D-5D2C-4BA9-BF5A-49158002CAD4@gmail.com>
Date: Thu, 24 Nov 2016 07:41:39 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <3F248E51-E4B7-45C1-96C3-E7A9FCA24490@cloudflare.com>
References: <1479884799.2563.3.camel@redhat.com> <1479889806.2563.15.camel@redhat.com> <182CAE27-5A08-45FB-BC4D-D9397FFB5EF8@gmail.com> <2015444.TtsXi0aiky@pintsize.usersys.redhat.com> <EF04436D-5D2C-4BA9-BF5A-49158002CAD4@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WBiw1jbZjDArgdHVl76KZJMuYSQ>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] record layer limits of TLS1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 15:42:04 -0000
A) OpenSSL does not measure the actual TLS performance (including nonce construction, additional data, etc), but rather just the speed of the main encryption loop. B) Still, I agree with Yoav. From my experience, the difference in TPT between 16K records and 64K records is negligible, as well as the network overhead. On the other hand using larger records increases the risk of HoL blocking. Cheers, Vlad > On Nov 24, 2016, at 6:16 AM, Yoav Nir <ynir.ietf@gmail.com> wrote: > > >> On 24 Nov 2016, at 15:47, Hubert Kario <hkario@redhat.com> wrote: >> >> On Wednesday, 23 November 2016 10:50:37 CET Yoav Nir wrote: >>>> On 23 Nov 2016, at 10:30, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote: >>>>> On Wed, 2016-11-23 at 10:05 +0200, Yoav Nir wrote: >>>>> Hi, Nikos >>>>> >>>>> On 23 Nov 2016, at 9:06, Nikos Mavrogiannopoulos <nmav@redhat.com> >>>> That to my understanding is a way to reduce >>>> latency in contrast to cpu costs. An increase to packet size targets >>>> bandwidth rather than latency (speed). >>> >>> Sure, but running ‘openssl speed’ on either aes-128-cbc or hmac or sha256 >>> (there’s no test for AES-GCM or ChaCha-poly) you get smallish differences >>> in terms of kilobytes per second between 1024-byte buffers and 8192-byte >>> buffers. And the difference going to be even smaller going to 16KB buffers, >>> let alone 64KB buffers. >> >> this is not valid comparison. openssl speed doesn't use the hardware >> accelerated codepath >> >> you need to use `openssl speed -evp aes-128-gcm` to see it (and yes, >> aes-gcm and chacha20-poly1305 is supported then) >> >> What I see is nearly a 1GB/s throughput increase between 1024 and 8192 byte blocks for AES-GCM: >> >> type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes >> aes-128-gcm 614979.91k 1388369.31k 2702645.76k 3997320.76k 4932512.79k >> >> While indeed, for chacha20 there's little to no difference at the high end: >> type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes >> chacha20-poly1305 242518.50k 514356.72k 1035220.57k 1868933.46k 1993609.50k 1997438.98k >> >> (aes-128-gcm performance from openssl-1.0.2j-1.fc24.x86_64, chacha20-poly1305 from openssl master, both on >> Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz) > > Cool. So you got a 23% improvement, and I got an 18% improvement for AES-GCM. I still claim (but cannot prove without modifying openssl code (maybe I’ll do that over the weekend) that the jump from 16KB to 64KB will be far, far less pronounced. > > Yoav > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Yoav Nir
- Re: [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Judson Wilson
- Re: [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Judson Wilson
- Re: [TLS] record layer limits of TLS1.3 Yoav Nir
- Re: [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Michael Tuexen
- Re: [TLS] record layer limits of TLS1.3 Jeremy Harris
- Re: [TLS] record layer limits of TLS1.3 Watson Ladd
- Re: [TLS] record layer limits of TLS1.3 Hubert Kario
- Re: [TLS] record layer limits of TLS1.3 Yoav Nir
- Re: [TLS] record layer limits of TLS1.3 Vlad Krasnov
- Re: [TLS] record layer limits of TLS1.3 Jeremy Harris
- Re: [TLS] record layer limits of TLS1.3 Benjamin Kaduk