AES-NI support

Anthony Scarpino anthony.scarpino at oracle.com
Tue May 10 20:02:47 UTC 2016


Hi,

JEP 246 goes into some of these details but, particularly for AES-GCM 
for jdk9 with the GHASH intrinsics.  Also jdk supports intrinsics for 
SHA1/2 and RSA.  For jdk8, AES block ops use AES-NI and AES-CBC has been 
parallelized.

http://openjdk.java.net/jeps/246

Tony

On 05/10/2016 09:48 AM, Müller, Steffen (AIFB) wrote:
> Hi,
>
> I have a short – but probably not easy – question to the sec-dev
> community, since we have a research project dealing with the performance
> impact and performance optimizations for TLS:
>
> What TLS cipher suites and ciphers, modes of operation, security
> providers, etc. in general benefit from AES-NI in Java 8/9?
>
> I know that the TLS cipher suites using AES-GCM benefit from AES-NI in
> Java 8. The performance impact in various experiments can be
> considerable – measured with OpenJDK and OracleJDK 8u92. Furthermore, I
> can enable or disable AES-NI support (see, e.g.:
> https://stackoverflow.com/questions/23058309/aes-ni-intrinsics-enabled-by-default).
> I found the globals.hpp where the UseAES and UseAESIntrinsics is
> defined, but no further information. The Intel sources stemming from
> 2012, on the other side, only mention the NSS library (see, e.g.:
> https://software.intel.com/en-us/articles/intel-aes-ni-performance-testing-on-linuxjava-stack#enable-intel-eas-ni-in-oracle-jvm).
>
> In sum, the documentation regarding AES-NI support in Java is very
> inconsistent. I tried to find more information about this topic, but… Is
> there any further up-to-date documentation regarding AES-NI in Java 8/9?
> Is there anybody who can give me more information about this topic?
>
> Thanks
>
> Steffen Mueller
>




More information about the security-dev mailing list