Learn about Centmin Mod LEMP Stack today
Become a Member

SSL OpenSSL 1.1.0-pre6 vs OpenSSL 1.0.2h vs OpenSSL 1.0.1e vs LibreSSL 2.4.2 vs LibreSSL 2.3.6

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 9, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod 123.09beta01 beta added support for OpenSSL 1.1.0 branch via Nginx patching. So now Centmin Mod Nginx supports compiling against OpenSSL 1.0.2*, 1.1.0* and LibreSSL 2.3/2.4.

    Decided to do some quick benchmarks for OpenSSL vs LibreSSL and various versions on CentOS 7.2 64bit in virtualbox 4 cpu Intel Core i7 3635QM CPU guest server. For SSL/HTTPS of interest is rsa2048, rsa4096 and ecdsa, and aes128/aes256 results.

    Looks like OpenSSL 1.0.2h is most optimised for performance for non hardware assisted (AES-NI) performance for RSA and ECDSA. Understandable as OpenSSL 1.1.0 is still in beta and probably focused on feature stability over performance at this stage. LibreSSL has much lower performance especially for ecdsa 256bit. LibreSSL was only added to Centmin Mod Nginx for native chacha20 cipher support. However, with OpenSSL 1.1.0 having native chacha20 support, Centmin Mod will probably default back to OpenSSL 1.1.0 as opposed to LibreSSL once OpenSSL 1.1.0 becomes stable released :)

    As you can see ECDSA performance for OpenSSL 1.0.2 and 1.1.0 is miles ahead so looking good if you want to use ECC 256 bit based SSL certificates in future. Nginx 1.11+ and higher have added dual ECDSA+RSA SSL certificate support and Centmin Mod 123.09beta01 already has support as it defaults to Nginx 1.11 branch now - SSL - Nginx 1.11.0 introduces dual ECDSA + RSA SSL certificate support.

    LibreSSL 2.4 also improved ECDSA and RSA 2048 bit verify/s performance over LibreSSL 2.3.

    openssl-vs-libressl-090816-00.png

    Intel AES-NI hardware assisted benchmarks pretty much all on par.

    openssl-vs-libressl-090816-01.png

    CentOS 7.2 64bit OpenSSL 1.1.0-pre6


    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl speed rsa4096 rsa2048 ecdsap256 sha256 sha1 md5 rc4 aes-256-cbc aes-128-cbc
    
    OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache /usr/bin/clang -ferror-limit=0 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/svr-setup/nginx-1.11.3/../openssl-1.1.0-pre6/.openssl/ssl\"" -DENGINESDIR="\"/svr-setup/nginx-1.11.3/../openssl-1.1.0-pre6/.openssl/lib/engines-1.1\""
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
    md5             112605.85k   257192.53k   444663.32k   539000.96k   596069.03k   602722.98k
    sha1            103869.28k   252750.51k   471840.34k   600742.23k   642784.32k   655633.07k
    rc4             369004.80k   604235.71k   674315.35k   705283.41k   726504.79k   723707.03k
    aes-128 cbc     108044.97k   118772.74k   122594.63k   260688.55k   267182.08k   266179.93k
    aes-256 cbc      80791.01k    86208.85k    87330.73k   192305.49k   190764.37k   193238.36k
    sha256           60419.75k   132493.21k   224361.73k   276595.71k   286755.50k   293964.03k
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.001233s 0.000035s    810.8  28203.4
    rsa 4096 bits 0.008313s 0.000130s    120.3   7681.9
                                  sign    verify    sign/s verify/s
    256 bit ecdsa (nistp256)   0.0001s   0.0001s  16371.6   7359.3
    

    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl speed -evp aes256
    
    OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache /usr/bin/clang -ferror-limit=0 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/svr-setup/nginx-1.11.3/../openssl-1.1.0-pre6/.openssl/ssl\"" -DENGINESDIR="\"/svr-setup/nginx-1.11.3/../openssl-1.1.0-pre6/.openssl/lib/engines-1.1\""
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
    aes-256-cbc     406452.99k   424032.73k   429171.54k   427744.94k   431512.92k   429462.20k
    

    Code (Text):
    /svr-setup/openssl-1.1.0-pre6/.openssl/bin/openssl speed -evp aes128
    
    OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache /usr/bin/clang -ferror-limit=0 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/svr-setup/nginx-1.11.3/../openssl-1.1.0-pre6/.openssl/ssl\"" -DENGINESDIR="\"/svr-setup/nginx-1.11.3/../openssl-1.1.0-pre6/.openssl/lib/engines-1.1\""
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
    aes-128-cbc     537548.62k   591099.72k   598788.78k   602439.34k   601587.71k   597513.56k
    

    CentOS 7.2 64bit system OpenSSL 1.0.1e


    Code (Text):
    openssl speed rsa4096 rsa2048 ecdsap256 sha256 sha1 md5 rc4 aes-256-cbc aes-128-cbc
    
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Mon May  9 08:07:32 UTC 2016
    options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md5              51951.15k   155744.75k   352236.39k   510342.08k   587358.21k
    sha1             59304.84k   168351.49k   369217.79k   535958.19k   635352.41k
    rc4             378445.68k   592546.68k   680765.01k   723967.66k   734877.38k
    aes-128 cbc     111513.70k   120694.27k   122684.56k   260234.48k   268515.56k
    aes-256 cbc      81366.94k    86636.37k    87831.89k   193065.44k   194928.50k
    sha256           45507.64k   102525.80k   177948.51k   219861.67k   236164.44k
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.001421s 0.000043s    703.5  23419.8
    rsa 4096 bits 0.010672s 0.000156s     93.7   6398.3
                                  sign    verify    sign/s verify/s
    256 bit ecdsa (nistp256)   0.0001s   0.0005s   8375.7   2142.8
    

    Code (Text):
    openssl speed -evp aes256
    
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Mon May  9 08:07:32 UTC 2016
    options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256-cbc     406210.20k   422723.54k   427242.24k   429809.79k   429329.07k
    

    Code (Text):
    openssl speed -evp aes128
    
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Mon May  9 08:07:32 UTC 2016
    options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc     547919.03k   589614.19k   595748.35k   600805.03k   601511.98k
    



    CentOS 7.2 64bit OpenSSL 1.0.2h


    Code (Text):
    /svr-setup/openssl-1.0.2h/.openssl/bin/openssl speed rsa4096 rsa2048 ecdsap256 sha256 sha1 md5 rc4 aes-256-cbc aes-128-cbc
    
    OpenSSL 1.0.2h  3 May 2016
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: ccache /usr/bin/clang -ferror-limit=0 -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DCHAPOLY_x86_64_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md5              38776.56k   123512.21k   303677.05k   478858.70k   581199.11k
    sha1             35812.71k   115882.15k   302492.84k   508796.15k   636219.76k
    rc4             426199.23k   592095.66k   690068.91k   720212.42k   730016.43k
    aes-128 cbc     110422.11k   120554.26k   122903.04k   266209.52k   266843.48k
    aes-256 cbc      81368.38k    86920.58k    88599.80k   195689.48k   196870.14k
    sha256           63864.80k   135774.72k   227519.74k   280067.08k   296954.54k
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.001179s 0.000035s    848.3  28508.6
    rsa 4096 bits 0.008268s 0.000128s    120.9   7807.7
                                  sign    verify    sign/s verify/s
    256 bit ecdsa (nistp256)   0.0001s   0.0001s  17955.6   7706.3
    

    Code (Text):
    /svr-setup/openssl-1.0.2h/.openssl/bin/openssl speed -evp aes256
    
    OpenSSL 1.0.2h  3 May 2016
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: ccache /usr/bin/clang -ferror-limit=0 -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DCHAPOLY_x86_64_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256-cbc     405091.05k   426671.09k   428736.94k   431333.12k   431290.99k
    

    Code (Text):
    /svr-setup/openssl-1.0.2h/.openssl/bin/openssl speed -evp aes128
    
    OpenSSL 1.0.2h  3 May 2016
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: ccache /usr/bin/clang -ferror-limit=0 -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DCHAPOLY_x86_64_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc     552695.47k   590150.59k   601430.78k   598550.87k   603605.19k
    


    CentOS 7.2 64bit LibreSSL 2.4.2


    Code (Text):
    /opt/libressl/bin/openssl speed rsa4096 rsa2048 ecdsap256 sha256 sha1 md5 rc4 aes-256-cbc aes-128-cbc
    
    LibreSSL 2.4.2
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: information not available
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md5              62584.05k   178710.12k   377133.55k   519409.66k   585886.38k
    sha1             74103.92k   198440.67k   403542.56k   552597.16k   627100.33k
    rc4             394107.67k   596634.75k   673864.28k   706783.29k   712900.61k
    aes-128 cbc     108598.13k   120568.42k   122167.81k   262387.50k   263730.52k
    aes-256 cbc      76396.04k    86246.40k    87772.76k   191910.91k   189650.26k
    sha256           50338.10k   106702.91k   180732.59k   221010.37k   236467.54k
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.001419s 0.000043s    704.9  23158.0
    rsa 4096 bits 0.009930s 0.000159s    100.7   6281.8
                                  sign    verify    sign/s verify/s
    256 bit ecdsa (nistp256)   0.0001s   0.0005s   7546.6   1942.7
    

    Code (Text):
    /opt/libressl/bin/openssl speed -evp aes256
    
    LibreSSL 2.4.2
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: information not available
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256-cbc     408685.45k   420868.62k   430594.40k   430713.58k   428546.06k
    

    Code (Text):
    /opt/libressl/bin/openssl speed -evp aes128
    
    LibreSSL 2.4.2
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: information not available
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc     549986.09k   586912.79k   601530.45k   597553.49k   603016.13k
    


    CentOS 7.2 64bit LibreSSL 2.3.6


    Code (Text):
    /opt/libressl/bin/openssl speed rsa4096 rsa2048 ecdsap256 sha256 sha1 md5 rc4 aes-256-cbc aes-128-cbc
    
    LibreSSL 2.3.6
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: information not available
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md5              42668.97k   132174.32k   323128.96k   497183.27k   587047.52k
    sha1             58816.44k   167158.28k   372933.47k   538836.36k   632169.49k
    rc4             384749.88k   600982.01k   693221.88k   724987.86k   720849.42k
    aes-128 cbc     109552.14k   119084.05k   123336.28k   262074.82k   266999.13k
    aes-256 cbc      80973.24k    85371.20k    86100.31k   193794.39k   193803.61k
    sha256           43008.28k    97135.89k   174852.55k   217949.32k   234205.98k
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.001574s 0.000068s    635.5  14717.2
    rsa 4096 bits 0.011074s 0.000246s     90.3   4061.5
                                  sign    verify    sign/s verify/s
    256 bit ecdsa (nistp256)   0.0003s   0.0010s   3690.2   1010.4
    

    Code (Text):
    /opt/libressl/bin/openssl speed -evp aes256
    
    LibreSSL 2.3.6
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: information not available
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256-cbc     397460.53k   424525.66k   424737.42k   431768.57k   429326.78k
    

    Code (Text):
    /opt/libressl/bin/openssl speed -evp aes128
    
    LibreSSL 2.3.6
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: information not available
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc     540756.60k   588574.07k   598654.80k   596832.06k   600083.11k
    
     
    Last edited: Aug 9, 2016
  2. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Test system info

    4 cpu virtualbox Intel Core i7 3635QM (my Samsung ATIV Book 8 laptop :) )
    Code (Text):
    cat /proc/cpuinfo
    processor       : 0
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 58
    model name      : Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz
    stepping        : 9
    microcode       : 0x19
    cpu MHz         : 2394.527
    cache size      : 6144 KB
    physical id     : 0
    siblings        : 4
    core id         : 0
    cpu cores       : 4
    apicid          : 0
    initial apicid  : 0
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes xsave avx rdrand lahf_lm
    bogomips        : 4789.05
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 36 bits physical, 48 bits virtual
    power management:
    
    processor       : 1
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 58
    model name      : Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz
    stepping        : 9
    microcode       : 0x19
    cpu MHz         : 2394.527
    cache size      : 6144 KB
    physical id     : 0
    siblings        : 4
    core id         : 1
    cpu cores       : 4
    apicid          : 1
    initial apicid  : 1
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes xsave avx rdrand lahf_lm
    bogomips        : 4789.05
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 36 bits physical, 48 bits virtual
    power management:
    
    processor       : 2
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 58
    model name      : Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz
    stepping        : 9
    microcode       : 0x19
    cpu MHz         : 2394.527
    cache size      : 6144 KB
    physical id     : 0
    siblings        : 4
    core id         : 2
    cpu cores       : 4
    apicid          : 2
    initial apicid  : 2
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes xsave avx rdrand lahf_lm
    bogomips        : 4789.05
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 36 bits physical, 48 bits virtual
    power management:
    
    processor       : 3
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 58
    model name      : Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz
    stepping        : 9
    microcode       : 0x19
    cpu MHz         : 2394.527
    cache size      : 6144 KB
    physical id     : 0
    siblings        : 4
    core id         : 3
    cpu cores       : 4
    apicid          : 3
    initial apicid  : 3
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes xsave avx rdrand lahf_lm
    bogomips        : 4789.05
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 36 bits physical, 48 bits virtual
    power management:


    i7-3635qm.png
     
    Last edited: Aug 9, 2016
  3. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    10:21 AM
    1.9.x
    10.1.x
    As i see, its better to use Openssl for RSA or ECDSA. I think im gonna change again from LibreSSL to OpenSSL.
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah for my tests at least on Intel Core i7 3635QM cpu. You can see your systems to see if there are differences. There would be a huge boost in numbers with Intel newer Skylake, Haswell and Broadwell based processors compared to my cpu system used above.

    For instance Intel Xeon E3-1240v5 is between 20-85% faster encryption wise for above tests compared to Intel Xeon E3-1230v3 Specifications of Intel Xeon E3-1200 v5 & Xeon E3-1500 v5 processors | Page 2 | Centmin Mod Community

    ECDSA about 25% faster on E3-1240v5 vs E3-1240v3
     
    Last edited: Aug 9, 2016
  5. BobbyWibowo

    BobbyWibowo Active Member

    197
    42
    28
    Jul 30, 2015
    Indonesia
    Ratings:
    +71
    Local Time:
    5:21 PM
    1.17.x
    10.3.x
    I kinda want to test it out on my Skylake laptop, but eh, aren't I darn lazy.. Thanks for the benchmark by the way!
     
  6. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    feel free to share the numbers if you get around to it :D
     
  7. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    11:21 AM
    @eva2000 If time permits could you benchmark: BoringSSL vs OpenSSL 1.1.0 vs OpenSSL 1.0.2h vs OpenSSL 1.0.1e vs LibreSSL 2.4.2 vs LibreSSL 2.3.6?

    Thanks.
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  9. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    11:21 AM
  10. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  11. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    11:21 AM
  12. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you mean dual ECDSA+RSA testing ?
     
  13. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    11:21 AM
    Nup testing in general.

    If i am testing something new then it is always on the test system.
    Wen its proved and stable.
    I use the exact arrangement for the stable production environment.
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,529
    12,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,781
    Local Time:
    8:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    i see, i thought you mean dual certs seeing as BoringSSL supports a similar feature for equal preference ciphers :)