SSL Performance; SSL Cipher Suites - Comtrol DeviceMaster LT User Manual

SSL Performance

The DeviceMaster LT has these SSL performance characteristics:
Encryption/decryption is a CPU-intensive process, and using encrypted data
streams will limit the number of ports that can be maintained at a given serial
throughput. For example, the table below shows the number of ports that can
be maintained by SocketServer at 100% throughput for various cipher suites
and baud rates.

Cipher suite    9600   38400   57600   115200
RC4-MD5           32      16      10        5
RC4-SHA           32      13       9        4
AES128-SHA        28       7       5        2
AES256-SHA        26       7       4        2
DES3-SHA          15       3       2        1

Note: These throughputs required 100% CPU usage, so other features such as the
web server are very unresponsive at the throughputs shown above. To
maintain a usable web interface, one would want to stay well below the
maximum throughput/port numbers above.

The overhead required to set up an SSL connection is also significant. The
time required to open a connection to SocketServer varies depending on the
public-key encryption scheme used for the initial handshaking. Typical setup
times for the three public-key encryption schemes supported by the
DeviceMaster LT are shown below:
- RSA 0.66 seconds
- DHE 3.84 seconds
- DHA 3.28 seconds

Since there is a certain amount of overhead for each block of data sent or
received on an SSL connection, the SocketServer polling rate and the size of
the blocks that are written to the SocketServer also have a noticeable effect
on CPU usage. Writing larger blocks of data and using a slower SocketServer
polling rate will decrease CPU usage and allow somewhat higher throughputs.

SSL Cipher Suites

This subsection provides information about SSL cipher suites.
An SSL connection uses four different facilities, each of which can use one of
several different ciphers or algorithms. A particular combination of four
ciphers/algorithms is called a "cipher suite".
A cipher suite consists of:
- Public Key Encryption Algorithm
  • Used to protect the initial handshaking and connection setup.
  • Typical options are RSA, DH, DHA, DHE, EDH, SRP, PSK
  • DeviceMaster LT supports RSA, DHA, DHE
- Authentication Algorithm
  • Used to verify the identities of the two parties to each other.
  • Typical options are RSA, DSA, ECDSA
  • DeviceMaster LT supports only RSA
- Stream Cipher
  • Used to encrypt the user data exchanged between the two parties.
  • Typical options: RC4, DES, 3DES, AES, IDEA, Camellia, NULL
  • DeviceMaster LT supports RC4, 3DES, AES

DeviceMaster LT User Guide: 2000586 Rev. B
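
The throughput table and the CPU-usage note in the SSL Performance section above can be turned into a deployment check. The following is an added example, not code from the manual or from Comtrol: it picks the suites that can carry a given port count and baud rate while leaving CPU headroom for the web interface. Assumptions: the function names are hypothetical, the refusal policy (RC4 per RFC 7465, 3DES because of its 64-bit block) is not from the manual, and port capacity is taken to scale linearly with available CPU.

```python
# Added example: SSL capacity planning for a SocketServer deployment.
BAUD_RATES = (9600, 38400, 57600, 115200)

# Ports sustained at 100% CPU, copied from the throughput table on this page.
MAX_PORTS = {
    "RC4-MD5":    (32, 16, 10, 5),
    "RC4-SHA":    (32, 13, 9, 4),
    "AES128-SHA": (28, 7, 5, 2),
    "AES256-SHA": (26, 7, 4, 2),
    "DES3-SHA":   (15, 3, 2, 1),
}

# Assumed refusal policy (not from the manual), keyed by bulk-cipher prefix.
REFUSED = {
    "RC4": "RC4 is prohibited in TLS by RFC 7465",
    "DES3": "3DES has a 64-bit block (Sweet32 birthday attacks)",
}


def refusal_reason(suite):
    """Return why a suite is refused by policy, or None if it is acceptable."""
    cipher = suite.rsplit("-", 1)[0]          # "AES128-SHA" -> "AES128"
    for prefix, reason in REFUSED.items():
        if cipher.startswith(prefix):
            return reason
    return None


def plan(ports, baud, headroom=0.5):
    """Split the page's suites into usable and rejected for one deployment.

    headroom is the CPU fraction kept free for the web server; scaling the
    port count linearly with CPU is an assumption of this example.
    """
    if baud not in BAUD_RATES:
        raise ValueError(f"no measurement for {baud} baud")
    if not 0 <= headroom < 1:
        raise ValueError("headroom must be in [0, 1)")
    col = BAUD_RATES.index(baud)
    usable, rejected = {}, {}
    for suite, row in MAX_PORTS.items():
        budget = int(row[col] * (1 - headroom))   # round down: never overcommit
        reason = refusal_reason(suite)
        if reason:
            rejected[suite] = reason
        elif ports > budget:
            rejected[suite] = f"{ports} ports requested, budget is {budget}"
        else:
            usable[suite] = budget
    return usable, rejected
```

An empty `usable` result means the requested load only fits on a refused cipher, so the port count or baud rate has to come down rather than the policy.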
