Is hardware acceleration possible with mbed TLS?

ss17 · Post by **ss17** » Mon Mar 25, 2019 7:26 am

Hi.

It looks like OpenVPN's integration with mbed TLS library doesn't support hardware acceleration (AES-NI etc). Is that right? If yes, any way/plans to implement that?

Thanks.

TinCanTech · Post by **TinCanTech** » Mon Mar 25, 2019 2:32 pm

As was explained on the mailing list, hardware acceleration is provided by the crypto library, not OpenVPN.

Please update this thread if you find an answer to your question.

ss17 · Post by **ss17** » Mon Mar 25, 2019 4:02 pm

Thanks for the clarification. My confusion arose from the fact the mbedtls is performing poorer than OpenSSL in most environments. Figured that its not related to AES-NI as mbedtls is indeed using it. Confirmed it by commenting "#define MBEDTLS_AESNI_C" in mbedtls config and re-compiling the library which resulted in further degradation of OpenVPN performance.

Loss of performance in comparison to OpenSSL has some other reason and I am unable to find that out. I tried compiling & testing OpenVPN with mbedtls on Debian, CentOS and Alpine (same system. just re-installed the OS). And for some reason OpenVPN-mbedtls performs equal or better than OpenVPN-OpenSSL on Alpine, all other things being identical.

dragontattoo · Post by **dragontattoo** » Tue Jul 23, 2019 12:22 pm

Got clarity from this discussion

OpenVPN Support Forum

Is hardware acceleration possible with mbed TLS?

Is hardware acceleration possible with mbed TLS?

Re: Is hardware acceleration possible with mbed TLS?

Re: Is hardware acceleration possible with mbed TLS?

Re: Is hardware acceleration possible with mbed TLS?