Comparison of SSL/TLS Libraries Based on Algorithms/Languages Supported, Platform, Protocols and Performance

Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance

By Akshay Thorat Table of Contents

TLS - Why is it needed ? Introduction- SSL/TLS evolution Libraries Studied Comparison Library to Implementation Supported Features Algorithm/Ciphers Supported Performance for libraries Conclusion Transport Layer Security(TLS), why is it needed ?

Communication security on internet Secure - Email, VOIP, Web browsing, Bank transactions Provides Privacy and Integrity of data Prevent Eavesdropping and Tampering Introduction

 Application protocol independent  TLS versions (Implementations) evolved as SSL1.0->SSL2.0->SSL3.0 ->TLS1.0->TLS1.1->TLS1.2->TLS1.3 (draft)

Less Secure

 Each suite contains authentication, message authentication code (MAC), key exchange and encryption algorithms  Datagram TLS (DTLS) – TLS with packet lost and reordering implementation DTLS1.0 and DTLS 1.2 Libraries Under Consideration

Primary  OpenSSL - Robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS)  GnuTLS – Portable ANSI C based library with Lesser General Public license (GPL) Other  Network Security Services (NSS) - Library designed to support cross- platform development of security-enabled client and server applications  Cryptlib - Open source cross-platform software security toolkit library for SSL/TLS and SSH secure sessions, CA services Library to Implementation comparison

Library SSL3.0 TLS1.0 TLS1.1 TLS1.2 TLS1.3 DTLS1.0 DTLS1.2

OpenSSL Yes Yes Yes Yes Yes Yes Yes

GnuTLS Yes Yes Yes Yes No Yes Yes

NSS Yes Yes Yes Yes Yes Yes Yes

Cryptlib Yes Yes Yes Yes No No No General Comparison OpenSSL GnuTLS NSS Languages C C C or C++ Cryptographic Token Not Present natively * Present Present Interface- PKCS #11 Thread safety Two callback function Use POSIX or Yes with POSIX or Win Win Thread Threads CPU Assisted Crypt. Yes Yes (+VIA Yes With AES-NI Padlocks)

 Languages  Cryptographic Token Interface - Hardware security module  Platform independent API for Hardware Security Modules (HSM) and smart cards  Thread Safety – Safe shared data manipulation  CPU assisted Cryptography – Use of hardware acceleration for cryptographic functions with supported instruction set

*engine needs to be added externally through patch Performance Comparisons

Criteria  Literature survey of Speedtest and Comparison of Open-Source Cryptography Libraries by Timo Bingmann  Public key performance results for NSS  Installing OpenSSL and running hashing algorithms  Installing GnuTLS and running benchmarking for hashes/ciphers OpenSSL and GnuTLS Comparison  Each speed test consists of one encryption pass directly followed by a decryption pass  Ciphers Tested  OpenSSL - AES, Blowfish,CAST5,3DES, XTEA  GnuTLS – AES, Blowfish, CAST5,3DES, Serpent, Twofish  Average of KB of data processed per unit time with different distributions Throughput KB/s 35,000 30,000 25,000 20,000 15,000 10,000 5,000 0 Ubuntu-hardy Debian-lenny Ubuntu-Gutsy Fedora8 Debian-etch GnuTLS OpenSSL Problems

 Ciphers compared are not same – average values could have been shifted  Varying Buffer size values were calculated and only ran once – should have ran multiple times until results avg. out  Only Symmetric ciphers are tested NSS  The SSL_RSA_WITH_RC4_128_MD5 (SSL3) cipher is used  Restart runs utilize cache which results in higher throughput  Full runs handshake every connection which introduce overhead

Type Ops/sec CPU-usage(%) Full 156.23 95 Full-zones 216.55 100 Restart 220.76 90 Restart-zones 569.82 86 Throughput and CPU usage 600 500 400 300 200 100 0 Full Full-zones Restart Restart-zones Throughput (Ops/sec) CPU-usage(%)

 CPU utilization is near about same for each run  So varying throughput is a function of Memory access speed  Depending the use of cache, throughput can be vastly increased Performance Tests

Comparison based OS running natively vs in Virtual machine Libraries compared – OpenSSL and GnuTLS Native machine and VM both are running equal environments Ubuntu 16.04 CPU – Intel core i5 – 2.20GHz RAM – 4GB Disk – 25GB OpenSSL Throughput (KB/s) Comparison 350000 300000 250000 200000 150000 100000 50000 0 1 10 100 1000 10000 Buffer Size (Bytes) Native VM  SHA256 with varying buffer size (16,64,256,1024,8192 Bytes)  Buffer size above 1000 bytes, starts to saturate throughput – 330MB/s  In VM, low throughput is observed because of overhead of running inside VM  After increasing buffer value by certain value bottleneck can occur GnuTLS Throughput KB/s 700000 600000 500000 400000 300000 200000 100000 0 SHA1 SHA256 SHA512 Native VM  Hashing algorithms checked for fixed payload size (16384 bytes)  MACs - SHA1, SHA256,SHA512  Throughput around 300MB/s  In VM low throughput Conclusion Best library ? Depends on criteria  Higher Throughput and simple – OpenSSL (32MB/s)  Portable and lightweight - GnuTLS  Cross Platform support – NSS  License compatibility - Apache License (used by OpenSSL) are incompatible with the GPL, GnuTLS or NSS  Novice TLS developer – OpenSSL  Wide Support  Simple to use  Single platform and no compatibility required Thank You ! References

[1] Timo Bingmann,(14th July 2008), Speedtest and Comparison of Open-Source Cryptography Libraries and Compiler Flags, [online]. Available: https://panthema.net/2008/0714-cryptography-speedtest-comparison/ [2] OpenWrt Oraganisation (n.d). OpenSSL Benchmarks tool. [online]. Availble: https://wiki.openwrt.org/doc/howto/benchmark.openssl [3] GNU TLS, Transport Layer Security Library for the GNU system, for version 2.0.2, 17 October 2007. Available: http://ports.gnu-darwin.org/security/gnutls/work/gnutls- 2.0.2/doc/gnutls.pdf [4] Mozilla Developer Network. Network Security Services. Available: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS#Documentation . Accessed: Sep. 8,2017.