Hi.
It looks like OpenVPN's integration with mbed TLS library doesn't support hardware acceleration (AES-NI etc). Is that right? If yes, any way/plans to implement that?
Thanks.
Is hardware acceleration possible with mbed TLS?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Mar 25, 2019 7:24 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Is hardware acceleration possible with mbed TLS?
As was explained on the mailing list, hardware acceleration is provided by the crypto library, not OpenVPN.
Please update this thread if you find an answer to your question.
Please update this thread if you find an answer to your question.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Mar 25, 2019 7:24 am
Re: Is hardware acceleration possible with mbed TLS?
Thanks for the clarification. My confusion arose from the fact the mbedtls is performing poorer than OpenSSL in most environments. Figured that its not related to AES-NI as mbedtls is indeed using it. Confirmed it by commenting "#define MBEDTLS_AESNI_C" in mbedtls config and re-compiling the library which resulted in further degradation of OpenVPN performance.
Loss of performance in comparison to OpenSSL has some other reason and I am unable to find that out. I tried compiling & testing OpenVPN with mbedtls on Debian, CentOS and Alpine (same system. just re-installed the OS). And for some reason OpenVPN-mbedtls performs equal or better than OpenVPN-OpenSSL on Alpine, all other things being identical.
Loss of performance in comparison to OpenSSL has some other reason and I am unable to find that out. I tried compiling & testing OpenVPN with mbedtls on Debian, CentOS and Alpine (same system. just re-installed the OS). And for some reason OpenVPN-mbedtls performs equal or better than OpenVPN-OpenSSL on Alpine, all other things being identical.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jul 23, 2019 12:22 pm
Re: Is hardware acceleration possible with mbed TLS?
Got clarity from this discussion