Performance improvement with ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA

Hi Team,

We are porting mbedTLS on a iRTOS, ARM9 based processor, 32-bit big endian RISC architecture.
We are experiencing performance issues i.e. encryption and decryption is way slower.
We don’t have hardware accelerator on platform. We have also disabled DEBUG related configurations.
Still the performance is not satisfactory.
Can you please suggest what else can be done to improve decryption and encryption to make them faster, especially decryption?

Regards,
Kartik

Hi Kartik,
I am assuming you are referring to symmetric cipher performance, and not your pk operations.
Unfortunately, since your platform doesn’t have hw acceleration of any sort, there is not much you can do.
I can suggest you use aead algorithm instead of aes and hash ( as stated in other thread).
I would try using multithreading, following the article Thread safety and multithreading: concurrency issues — Mbed TLS documentation.

Regards,
Mbed TLS Team member
Ron

Hi Ron,

Thanks for the prompt response!
We did try TLS_RSA_WITH_AES_128_GCM_SHA256 but performance was even slower than what we had using the one stated in the topic. Are there any other factors to look upon for performance enhancement?

Also, do you mean multithreading may help in faster decryption?

Regards,
Kartik

Hi Ron,

While using mbedtls_ssl_read() and mbedtls_ssl_write() as APIs for decryption and encryption respectively, is their anyway for these operations to get simultaneously performed?

Regards,
Kartik

Hi Kartik,
mbedtls_ssl_read() and mbedtls_ssl_write() are independent of each other once handshake is done. Multi-threading may assist in this matter. Please look at the multi-threading article referenced earlier.

Regards,
Ron