TLS Cipher Benchmarks

 


I compiled GnuTLS 3.6.16 this week and decided to run some TLS cipher benchmarks on a Rasbperry Pi 4 B. Cryptoworld summarized it best:

"Regarding crypto, ideally we would recommend Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams"


Benchmark individual ciphers

$ gnutls-cli --benchmark-ciphers

Checking AEAD ciphers, payload size: 16384

 AES-128-GCM 48.37 MB/sec

 AES-128-CCM 33.64 MB/sec

 CHACHA20-POLY1305 125.96 MB/sec


Checking cipher-MAC combinations, payload size: 16384

 SALSA20-256-SHA1 98.44 MB/sec

 AES-128-CBC-SHA1 47.18 MB/sec

 AES-128-CBC-SHA256 42.03 MB/sec

GOST28147-TC26Z-CNT-GOST28147-TC26Z-IMIT 18.73 MB/sec


Checking MAC algorithms, payload size: 16384

 SHA1 174.71 MB/sec

 SHA256 119.61 MB/sec

 SHA512 187.71 MB/sec

GOST28147-TC26Z-IMIT 58.52 MB/sec

 GOSTR341194 25.25 MB/sec

 STREEBOG-512 32.33 MB/sec


Checking ciphers, payload size: 16384

 3DES-CBC 10.32 MB/sec

 AES-128-CBC 63.78 MB/sec

 AES-128-XTS 60.16 MB/sec

 AES-256-XTS 45.92 MB/sec

 SALSA20-256 0.22 GB/sec

 NULL 7.93 GB/sec

 GOST28147-TC26Z-CNT 27.60 MB/sec


Benchmark TLS key exchange methods

$ gnutls-cli --benchmark-tls-kx

Testing key exchanges (RSA/DH bits: 3072, EC bits: 256)


(TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)

 - 2.71 transactions/sec

 - avg. handshake time: 368.80 ms

 - standard deviation: 0.74 ms


(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-GCM)

 - 35.84 transactions/sec

 - avg. handshake time: 27.89 ms

 - standard deviation: 0.89 ms


(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)

 - 35.91 transactions/sec

 - avg. handshake time: 27.83 ms

 - standard deviation: 0.83 ms


(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)

 - 37.19 transactions/sec

 - avg. handshake time: 26.87 ms

 - standard deviation: 0.87 ms


(TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)

 - 228.20 transactions/sec

 - avg. handshake time: 4.36 ms

 - standard deviation: 0.36 ms


(TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)

 - 291.74 transactions/sec

 - avg. handshake time: 3.41 ms

 - standard deviation: 0.41 ms


(TLS1.3)-(ECDHE-X25519)-(EdDSA-Ed25519)-(AES-128-GCM)

 - 350.26 transactions/sec

 - avg. handshake time: 2.84 ms

 - standard deviation: 0.84 ms


(TLS1.2)-(RSA)-(AES-128-GCM)

 - 39.41 transactions/sec

 - avg. handshake time: 25.36 ms

 - standard deviation: 0.36 ms


(TLS1.2)-(VKO-GOST-12)-(GOST28147-TC26Z-CNT)-(GOST28147-TC26Z-IMIT)

 - 320.94 transactions/sec

 - avg. handshake time: 3.10 ms

 - standard deviation: 0.10 ms


Benchmark TLS ciphers

$ gnutls-cli --benchmark-tls-ciphers

Testing throughput in cipher/MAC combinations (payload: 1400 bytes)

 AES-128-GCM - TLS1.2 21.75 MB/sec

 AES-128-GCM - TLS1.3 21.59 MB/sec

 AES-128-CCM - TLS1.2 15.62 MB/sec

 AES-128-CCM - TLS1.3 15.38 MB/sec

 CHACHA20-POLY1305 - TLS1.2 53.64 MB/sec

 CHACHA20-POLY1305 - TLS1.3 52.57 MB/sec

 AES-128-CBC - TLS1.0 21.88 MB/sec

 CAMELLIA-128-CBC - TLS1.0 18.60 MB/sec

 GOST28147-TC26Z-CNT - TLS1.2 8.91 MB/sec


Testing throughput in cipher/MAC combinations (payload: 16384 bytes)

 AES-128-GCM - TLS1.2 23.23 MB/sec

 AES-128-GCM - TLS1.3 23.22 MB/sec

 AES-128-CCM - TLS1.2 16.33 MB/sec

 AES-128-CCM - TLS1.3 16.31 MB/sec

 CHACHA20-POLY1305 - TLS1.2 60.60 MB/sec

 CHACHA20-POLY1305 - TLS1.3 60.31 MB/sec

 AES-128-CBC - TLS1.0 23.81 MB/sec

 CAMELLIA-128-CBC - TLS1.0 20.05 MB/sec

 GOST28147-TC26Z-CNT - TLS1.2 9.29 MB/sec



Comments

Post a Comment

Keep it clean and professional...

Popular Posts