Ancestors

Toot

Written by rsalz on 2024-11-19 at 13:58

Rustls now uses a provider interface and the default is aws-lc-rs, a verified Rust implementation. Previously it used ring, which used BoringSSL for some crypto. They also did lots of perf tuning (I forgot the link), maybe @djc can give some pointers.

From my semi-naive look at rustls code, I doubt "faster crypto" is really the answer to their faster TLS. It's a stunning achievement.


Descendants

Written by Dirkjan Ochtman on 2024-11-19 at 17:07

@rsalz latest benchmarks at https://www.memorysafety.org/blog/rustls-performance-outperforms/!


Written by Tony Finch on 2024-11-19 at 17:22

@djc @rsalz i was wondering where the speedup came from when my cron job resurfaced that link this morning https://mendeddrum.org/@fanf/113508746144815396

it would be interesting to see how rustls compares to aws s2n-tls


Written by Joe Birr-Pixton on 2024-11-19 at 18:11

@fanf @djc @rsalz There are some good blog posts from the s2n-bignum/aws-lc team about their performance & assurance work -- https://www.amazon.science/blog/better-performing-25519-elliptic-curve-cryptography https://www.amazon.science/blog/formal-verification-makes-rsa-faster-and-faster-to-deploy

The first one especially is the backbone of these results -- we prefer X25519 for key exchange, and every measure (apart from TLS1.2 resumption) relies on its performance.

The other thing that happened recently is aws-lc gained AVX-512-accelerated RSA contributed by Intel, that was already present in OpenSSL since 3.0. This was the final gap between us and openssl.

Finally, we've spent quite a bit of the last year measuring (ref https://ochagavia.nl/blog/continuous-benchmarking-for-rustls/) and just incrementally improving performance.


Written by Richard Levitte on 2024-11-19 at 19:26

@rsalz @djc

Oh, so providers there too? Nice!


Written by rsalz on 2024-11-20 at 16:57

@levitte @djc Not in the sense of OpenSSL picking which libs at runtime, and loading multiple providers with different characteristics.


Written by Richard Levitte on 2024-11-21 at 16:34

@rsalz @djc

Ah ok


Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113509972335104997