Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poor TLS performance even with m2crypto #533

Open
Matviy opened this issue Nov 16, 2024 · 1 comment
Open

Poor TLS performance even with m2crypto #533

Matviy opened this issue Nov 16, 2024 · 1 comment
Labels
question

Comments

@Matviy
Copy link

Matviy commented Nov 16, 2024

I'm using tlslite-ng to establish a TLS 1.3 PSK connection to my server, and download a ~50MB file. Doing this over curl takes about 2-3 seconds. Using tlslite-ng without m2crypto, it takes about 10 minutes. With m2crypto, it takes 58 seconds.

I've profiled the code and while it does seem to be calling decrypt() in openssl_aes.py, it spends almost all of the time inside open()'s call to _auth(). Specifically, _mul() is called about 3 million times, and that's where 90% of the time is spent.

Is there any workaround for this?

Thank you.
@tomato42
Copy link
Member

tomato42 commented Nov 16, 2024
edited
Loading

The calls to _mul() are because it most likely uses a GCM ciphersuite, and the Galois MAC needs to be implemented in Python, as that's not supported in m2crypto: https://todo.sr.ht/~mcepl/m2crypto/264

the solution would to be to add a new back-end that calls to pyca/cryptography to do the whole AES-GCM operation outside python, you can see example code for that here: #300
adding pyca/cryptography backend is tracked in #303

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomato42 @Matviy