[cryptography] tcpcrypt - the interesting crypto stuff

Chris Palmer chris at noncombatant.org
Fri Sep 17 11:45:44 EDT 2010

travis+ml-rbcryptography at subspacefield.org writes:

> http://tcpcrypt.org/tcpcrypt-slides.pdf
> Interesting discussion vis-a-vis server-side SSL performance.

I don't know how they ginned up that 82x figure. I've looked long and hard,
and never seen anything near that bad. The best worst I've found was HTTPS
having a factor of 4 reduction in TPS, and that was on a grossly
misconfigured server + badly-designed application that was also unreasonably
slow for plaintext HTTP.

But even if that 82x number is totally real, it's not the number that
matters. Theoretical maximum TCP conns/sec is a very different thing than
real page views/sec, transactions/sec, requests/sec, et c. Very few real
web applications are limited by transport layer set-up; those that are (like
Google's) tend to be so because they're already heavily optimized at the
more expensive content layer. Non-web apps can often amortize TLS setup,
such as databases using long-lived TLS connections to host many queries.


More information about the cryptography mailing list