Hi @pm77
As John correctfully mentioned, the PK operations ( key exchange and signing \ certificate verifying) are the bottle necks and depend on the CPU.
From you latest snapshot, Looking at the old PolarSSL, From the Server Hello message to the Change Cipher Spec message, it took 0.6 seconds ( The first application data is sent after 5.6 seconds), and in the Mbed TLS snapshot, using same ciphersuite (TLS_DHE_RSA_WITH_AES_256_CBC_SHA) it took 0.95 seconds. There is some differnces, but as the product evolved, there might have been some changes affecting this.
Looking at the other Mbed TLS 2.6.1 snapshot, that uses the ECDHE ciphersuite, it took 1.2 seconds.
Note that the first application data is sent after ~33 seconds, but the handshake is finished much before that. (I would say it’s the Encrypted Handshake message sent after 1.2 seconds).
Have you checked the client’s log to undestand why the application data is sent so late?
Have you looked at Increasing SSL and TLS performance — Mbed TLS documentation and https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint ?
Regards,
Mbed TLS Support
Ron