SSL Performance - Comtrol DeviceMaster DM-2000 Series Installation And Configuration Manual

SSL Performance

- DH Key pair used by SSL servers
  This is a private/public key pair that is used by some cipher suites to encrypt the SSL/TLS handshaking
  messages.
  Possession of the private portion of the key pair allows an eavesdropper to decrypt traffic on SSL/TLS
  connections that use DH encryption during handshaking.
- Client Authentication Certificate used by SSL servers
  If configured with a CA certificate, the DeviceMaster requires all SSL/TLS clients to present an RSA
  identity certificate that has been signed by the configured CA certificate. As shipped, the DeviceMaster
  is not configured with a CA certificate and all SSL/TLS clients are allowed.
SSL Performance
The DeviceMaster has these SSL performance characteristics:
Encryption/decryption is a CPU-intensive process, and using encrypted data streams will limit the
number of ports that can be maintained at a given serial throughput. For example, the table below shows
the number of ports that can be maintained by SocketServer at 100% throughput for various cipher suites
and baud rates.
Note: These throughputs required 100% CPU usage, so other features such as the web server are very
unresponsive at the throughputs shown in the table. To maintain a usable web interface, one would want to
stay well below the maximum throughput/port numbers in the table.
The overhead required to set up an SSL connection is significant. The time required to open a connection
to SocketServer varies depending on the public-key encryption scheme used for the initial handshaking.
These are typical setup times for the three public-key encryption schemes for the DeviceMaster:
- RSA 0.66 seconds
- DHE 3.84 seconds
- DHA 3.28 seconds
Since there is a certain amount of overhead for each block of data sent/received on an SSL connection, the
SocketServer polling rate and the size of blocks that are written to the SocketServer also have a noticeable
effect on CPU usage. Writing larger blocks of data and using a slower SocketServer polling rate will decrease
CPU usage and allow somewhat higher throughputs.
Number of ports maintained at 100% throughput, by cipher suite and baud rate:

Cipher suite    9600    38400    57600    115200
RC4-MD5           32       16       10         5
RC4-SHA           32       13        9         4
AES128-SHA        28        7        5         2
AES256-SHA        26        7        4         2
DES3-SHA          15        3        2         1
DeviceMaster Installation and Configuration Guide: 2000594 Rev. F
