AES-NI support

Müller, Steffen (AIFB) steffen.mueller4 at kit.edu
Tue May 10 16:48:11 UTC 2016


Hi,

 

I have a short – but probably not easy – question to the sec-dev community,
since we have a research project dealing with the performance impact and
performance optimizations for TLS:

 

What TLS cipher suites and ciphers, modes of operation, security providers,
etc. in general benefit from AES-NI in Java 8/9?

 

I know that the TLS cipher suites using AES-GCM benefit from AES-NI in Java
8. The performance impact in various experiments can be considerable –
measured with OpenJDK and OracleJDK 8u92. Furthermore, I can enable or
disable AES-NI support (see, e.g.:
https://stackoverflow.com/questions/23058309/aes-ni-intrinsics-enabled-by-de
fault). I found the globals.hpp where the UseAES and UseAESIntrinsics is
defined, but no further information. The Intel sources stemming from 2012,
on the other side, only mention the NSS library (see, e.g.:
https://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-o
n-linuxjava-stack#enable-intel-eas-ni-in-oracle-jvm).

In sum, the documentation regarding AES-NI support in Java is very
inconsistent. I tried to find more information about this topic, but
 Is
there any further up-to-date documentation regarding AES-NI in Java 8/9? Is
there anybody who can give me more information about this topic?

 

Thanks

Steffen Mueller

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160510/428d7b98/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6281 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160510/428d7b98/smime.p7s>


More information about the security-dev mailing list