RFR 8223482: Unsupported ciphersuites may be offered by a TLS client
Martin Balao
mbalao at redhat.com
Fri May 24 19:16:07 UTC 2019
Hi Xuelei,
Thanks for your reply.
I think I now know what you mean.
Here it's a new benchmark:
http://cr.openjdk.java.net/~mbalao/webrevs/8223482/benchmark_sslcontextloading_manual_v0.tar.gz
In this new benchmark we measure the following sequence:
long startTime = System.currentTimeMillis();
ctx = SSLContext.getInstance("TLSv1.2");
long stopTime = System.currentTimeMillis();
The SSLContext class gets initialized per run.
We test both NON_FIPS (SunJCE) and FIPS (SunPKCS11) providers.
Results summary (100 runs per case):
FIPS_with_8223482_webrev01.txt average: 314.33 ms
NON_FIPS_with_8223482_webrev01.txt average: 817.91 ms
FIPS_without_8223482_webrev01.txt average: 358.42 ms
NON_FIPS_without_8223482_webrev01.txt average: 771.34 ms
So, yes, it seems that there is a ~6% startup impact on SunJCE. These
numbers are not accurate though because of using
System.currentTimeMillis to measure, they provide just a rough idea.
Kind regards,
Martin.-
More information about the security-dev
mailing list