Here's my output to that: gnutls[2]: Enabled GnuTLS 3.3.26 logging... gnutls[2]: Intel SSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected -----Original Message----- From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos@xxxxxxxxx] Sent: Saturday, April 6, 2019 1:38 AM To: David Woodhouse; Phillips, Tony Cc: Daniel Lenski; openconnect-devel@xxxxxxxxxxxxxxxxxxx Subject: Re: [EXTERNAL] Re: What throughput is reasonable? On Fri, 2019-04-05 at 20:45 +0000, David Woodhouse wrote: > > > > Cat /proc/crypto | grep module > > > > includes the output "module : aesni_intel > > > > Does that mean "yes?" > > > > If "not necessarily," let me know how to query that. > > It means the hardware does. Not necessarily the particular piece of > software we care about though. > > > (and just an academic question: Is GnuTLS involved in ESP > > traffic? Or is > > that only SSL?) > > Yes, we use the crypto library for that. I'm insane, but not insane > enough to do my own crypto. you can verify which cpu optimizations are enabled either when running openconnect or gnutls-cli benchmark by exporting GNUTLS_DEBUG_LEVEL=3 prior to running it. You'll see something like: gnutls[2]: Enabled GnuTLS 3.6.7 logging... gnutls[2]: getrandom random generator was detected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator (AVX) was detected regards, Nikos _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
