Thread: TLS Settings
08-25-2011, 04:21 PM
Yil
Too much time...
 
Join Date: May 2005
Posts: 1,194

Speeds would absolutely go up and CPU usage down if encryption used AES-NI. I don't think OpenSSL 1.0.0.x, which is what is currently available, supports it without applying a patch or using the development branch. If you look at OpenSSL-Changelog you can see what I believe is support in v1.0.1, but it doesn't have a release date by it. Hopefully it will just test the hardware and enable itself automatically, else I'll have to add a line or something because we don't use the generic OpenSSL configuration file.

If there's a patch that auto-enables it, you can replace the OpenSSL libs, since I don't modify them in any way, so you can try builds from anyone. Currently ioFTPD and OpenSSL are built for all machines, and OpenSSL uses the optional assembly language build for extra speed.

As I mentioned in a post somewhere here, I've got a list of performance changes / notes to apply someday. However, one of them I haven't done because it's been simpler not to, but if performance is an issue on a Gbit LAN or something maybe we'll have to try it. ioFTPD is currently built with VS2008 with a target of all machines. I think faster performance can be gotten if I let the compiler use SSE/SSE2 and release that as a separate build, because older machines wouldn't be able to run that. Perhaps I could add some sort of trivial check and output an error if users had the wrong version or something. I could even consider trying the Intel compiler and letting it do even more crazy stuff for newer machines, which would probably speed things up.

The reason I mention that build stuff is because you may be able to find an Intel compiler generated Core i3+ build using SSE4 instructions out there somewhere, and if that would work you can replace the 2 OpenSSL libs and see what happens.

On a slightly different note, I could also play with the TCP window size. I think we're using 64K (the historical max) but now Windows supports much larger advertised sizes. However, ioFTPD doesn't seem to have any trouble on 100Mbit networks so it's been good enough for me.
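The kind of startup check the post describes (an SSE2-only build refusing to run on a CPU without SSE2, plus a test for AES-NI), as an added example that is not part of the original post and not ioFTPD or OpenSSL code. The function and macro names are hypothetical; the bit positions are those of CPUID leaf 1.

```c
#include <stdio.h>
#if defined(_MSC_VER)
#include <intrin.h>
#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
#include <cpuid.h>
#endif

/* Flags decoded from CPUID leaf 1 (names are this example's own). */
#define FEAT_SSE2  0x1u  /* EDX bit 26 */
#define FEAT_SSE41 0x2u  /* ECX bit 19 */
#define FEAT_AESNI 0x4u  /* ECX bit 25 */

/* Pure decoder: map raw leaf-1 ECX/EDX register values to the flags above. */
unsigned decode_leaf1(unsigned ecx, unsigned edx)
{
    unsigned f = 0;
    if (edx & (1u << 26)) f |= FEAT_SSE2;
    if (ecx & (1u << 19)) f |= FEAT_SSE41;
    if (ecx & (1u << 25)) f |= FEAT_AESNI;
    return f;
}

/* Query the running CPU; returns 0 where CPUID is unavailable. */
unsigned cpu_features(void)
{
#if defined(_MSC_VER)
    int r[4];
    __cpuid(r, 1);                      /* r = {EAX, EBX, ECX, EDX} */
    return decode_leaf1((unsigned)r[2], (unsigned)r[3]);
#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    return decode_leaf1(c, d);
#else
    return 0;
#endif
}

/* Flags the build requires but the CPU lacks; 0 means safe to start. */
unsigned missing_features(unsigned req, unsigned have) { return req & ~have; }

int main(void)
{
    unsigned have = cpu_features();
    printf("AES-NI: %s\n", (have & FEAT_AESNI) ? "yes" : "no");
    if (!missing_features(FEAT_SSE2, have)) return 0;
    fprintf(stderr, "this build needs SSE2; use the generic build\n");
    return 1;
}
```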