Welcome to Centmin Mod Community
Register Now

Beta Branch add optional OpenSSL 1.1.0g patch for 30-40% ECDSA performance boost

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jan 2, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    31,657
    7,032
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,639
    Local Time:
    10:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    add optional OpenSSL 1.1.0g patch for 30-40% ECDSA performance boost

    - when Nginx is recompiled via centmin.sh menu option 4 with prior persistent config file /etc/centminmod/custom_config.inc set variables, LIBRESSL_SWITCH='y', OPENSSLECDSA_PATCH='y' and OpenSSL version used is 1.1.0g, then OpenSSL 1.1.0g is patched for better ECDSA performance. If you use ECC 256bit ECDSA SSL certificates for HTTP/2 HTTPS then you'll have better HTTP/2 HTTPS performance compared to standard ECDSA and the usual default RSA 2048bit SSL certificates OpenSSL - [PATCH]30-40% ECDSA performance improvement - OpenSSL 1.1

    Continue reading...

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    31,657
    7,032
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,639
    Local Time:
    10:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    On OVH Core i7 4790K 4C/8T server with CentOS 7.4 64bit and Centmin Mod 123.09beta01 LEMP stack

    With patch resulted in 43.4% faster ECDSA signs/s and 15.4% faster ECDSA verify/s :cool:

    OpenSSL 1.1.0g rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    before patch 8278.4 181818.2 121212.1 43450.5
    after patch 8299.9 181818.2 173813.0 50157.2


    before ECDSA OpenSSL 1.1.0g backported patch
    Code (Text):
    openssl speed -multi 8 rsa2048 ecdsap256
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                     sign    verify    sign/s verify/s
    rsa 2048 bits 0.000121s 0.000005s   8278.4 181818.2
                                 sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 121212.1  43450.5
    

    after patch
    Code (Text):
    openssl speed -multi 8 rsa2048 ecdsap256
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                     sign    verify    sign/s verify/s
    rsa 2048 bits 0.000120s 0.000005s   8299.9 181818.2
                                 sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 173913.0  50157.2
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    31,657
    7,032
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,639
    Local Time:
    10:55 PM
    Nginx 1.13.x
    MariaDB 5.5