Tempesta TLS is an implementation of TLS handshakes for the Linux kernel. Since the kernel already provides symmetric ciphers, we focus on asymmetric cryptography only, elliptic curves in particular.
Use used the mbed TLS library as the foundation and almost fully rewrote it to make is x40 faster. During our development we also use parts of WolfSSL library. While WolfSSL outperforms OpenSSL, it uses the same algorithms, which are 5-7 years of old. Tempesta TLS uses newer and more efficient algorithms from the modern cryptography research.
While we still improving performance of Tempesta TLS, the implementation already establishes 40-80% more TLS handshakes per second than OpenSSL/Nginx and provides up to x4 lower latency in several tests.
This talk covers following topics with plenty of benchmarks:
* The fundamentals of elliptic curve computations and the most "hot spots"
* Side channel attacks (SCA) and methods to prevent them
* How the recent CPU vulnerabilities impact TLS handshakes
* Basics of the new fast algorithms used in the Tempesta TLS
* The design trade offs in OpenSSL, WolfSSL, mbed TLS, and Tempesta TLS
* The funny assembly code with is more straightforward than C
LINKS:
- Tempesta FW on GitHub
- tls-perf on GitHub
- "Performance study of kernel TLS handshakes", Netdev paper
- API Proposal for the Linux kernel TLS handshakes
