SSL Performance, SSL Cipher Suites – Comtrol DeviceMaster LT User Manual

56 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

SSL Performance

The DeviceMaster LT has these SSL performance characteristics:

Encryption/decryption is a CPU-intensive process, and using encrypted data
streams will limit the number of ports that can be maintained at a given serial
throughput. For example, the table below shows the number of ports that can
be maintained by SocketServer at 100% throughput for various cipher suites
and baud rates.

Note: These throughputs required 100% CPU usage, so other features such as the
web server are very unresponsive at the throughputs shown in the table. To
maintain a usable web interface, one would want to stay well below the
maximum throughput/port numbers in the table.

The overhead required to set up an SSL connection is also significant. The
time required to open a connection to SocketServer varies depending on the
public-key encryption scheme used for the initial handshaking. Typical setup
times for the three public-key encryption schemes supported by the
DeviceMaster LT are shown below:

- RSA 0.66 seconds
- DHE 3.84 seconds
- DHA 3.28 seconds

Since there is a certain amount of overhead for each block of data sent/
received on an SSL connection, the SocketServer polling rate and the size of the
blocks that are written to the SocketServer also have a noticeable effect on CPU
usage. Writing larger blocks of data and using a slower SocketServer polling rate
will decrease CPU usage and allow somewhat higher throughputs.
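
The per-block overhead described above can be made concrete from the SSL record framing; this is an added example, not code from the Comtrol manual, and its function names are hypothetical. It assumes SSL 3.0/TLS 1.0 record framing (the page does not state the protocol version), one record per application write, and a constructed workload of one second of 115200-baud 8N1 data. Record count and framing bytes stand in for the per-block CPU cost, which the page does not break down.

```python
# Added example: wire cost of serial data sent over SSL in writes of various sizes.
# Assumptions: SSL 3.0/TLS 1.0 record framing, one record per application
# write; suite names are the rows of this page's throughput table.
HEADER = 5            # record header: type (1) + version (2) + length (2)
MAX_FRAGMENT = 16384  # largest plaintext fragment one record may carry

# suite name -> (MAC length in bytes, cipher block size; 0 = stream cipher)
SUITES = {
    "RC4-MD5":    (16, 0),
    "RC4-SHA":    (20, 0),
    "AES128-SHA": (20, 16),
    "AES256-SHA": (20, 16),
    "DES3-SHA":   (20, 8),
}

def record_size(suite, payload_len):
    """Bytes on the wire for one record carrying payload_len bytes."""
    if not 0 < payload_len <= MAX_FRAGMENT:
        raise ValueError("payload must fit in one record")
    mac_len, block = SUITES[suite]
    body = payload_len + mac_len          # every record carries its own MAC
    if block:
        # CBC padding: 1..block bytes, the last one being the padding length
        body += block - (body % block)
    return HEADER + body

def stream_cost(suite, total_bytes, write_size):
    """Return (records, wire_bytes) for total_bytes sent in write_size chunks."""
    if write_size <= 0 or total_bytes < 0:
        raise ValueError("sizes must be positive")
    chunk = min(write_size, MAX_FRAGMENT)
    full, rest = divmod(total_bytes, chunk)
    wire = full * record_size(suite, chunk)
    if rest:
        wire += record_size(suite, rest)
    return full + (1 if rest else 0), wire

if __name__ == "__main__":
    # Constructed workload: one second of 115200 baud, 8N1 (10 bits per byte)
    total = 115200 // 10
    for suite in SUITES:
        for write_size in (16, 256, 4096):
            records, wire = stream_cost(suite, total, write_size)
            print(f"{suite:11} write={write_size:5} records={records:4} "
                  f"wire={wire:6} overhead={wire / total - 1:6.1%}")
```

For RC4-SHA, 16-byte writes turn 11520 payload bytes into 720 records and 29520 wire bytes, while 4096-byte writes need 3 records and 11595 bytes. Each record also costs one MAC computation, which is why fewer, larger writes reduce load.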

SSL Cipher Suites

This subsection provides information about SSL cipher suites.

An SSL connection uses four different facilities, each of which can use one of
several different ciphers or algorithms. A particular combination of four
ciphers/algorithms is called a “cipher suite”.

A Cipher Suite consists of:

- Public Key Encryption Algorithm
  • Used to protect the initial handshaking and connection setup.
  • Typical options are RSA, DH, DHA, DHE, EDH, SRP, PSK
  • DeviceMaster LT supports RSA, DHA, DHE

- Authentication Algorithm
  • Used to verify the identities of the two parties to each other.
  • Typical options are RSA, DSA, ECDSA
  • DeviceMaster LT supports only RSA

- Stream Cipher
  • Used to encrypt the user-data exchanged between the two parties.
  • Typical options: RC4, DES, 3DES, AES, IDEA, Camellia, NULL
  • DeviceMaster LT supports RC4, 3DES, AES

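Number of ports that can be maintained by SocketServer at 100% throughput, by cipher suite and baud rate:

| Cipher suite | 9600 baud | 38400 baud | 57600 baud | 115200 baud |
|--------------|-----------|------------|------------|-------------|
| RC4-MD5      | 32        | 16         | 10         | 5           |
| RC4-SHA      | 32        | 13         | 9          | 4           |
| AES128-SHA   | 28        | 7          | 5          | 2           |
| AES256-SHA   | 26        | 7          | 4          | 2           |
| DES3-SHA     | 15        | 3          | 2          | 1           |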