while playing around with bug 5044 we discovered that libgmp is the culprit behind why tlstunnel is so slow on Solaris. We also found that opencsw's libgmp did not have this performance problem.
Digging further we found that libgmp has some hand-optimised code depending on which CPU you have. Unfortunately the configure script is not clever enough to figure out the correct thing with Solaris' triplets. If we help it out and tell it the minimum CPU it can assume then the performance skyrockets. Operations that currently take 600 ms take about 50 ms with a more properly built libgmp.
Fixed in r30109.
Tester should try out tlwebaccess and tlwebadm and check that request are handled within a hundred ms or so.
This change also means that diffie-hellman is now acceptably fast at safe key sizes. So let's turn that back on. This partly undoes bug 5460.
(In reply to comment #2)
> This change also means that diffie-hellman is now acceptably fast at safe key
> sizes. So let's turn that back on. This partly undoes bug 5460.
(In reply to comment #1)
> Fixed in r30109.
> Tester should try out tlwebaccess and tlwebadm and check that request are
> handled within a hundred ms or so.
Using the following in tlwebadm.hconf and tlwebaccess.hconf results in Chrome using DHE-RSA:
In chrome I looked at the network tab in the developer tools. Information regarding request times are available in that tab. According to that, the time the SSL part of the different requests take range from 70ms to 900ms. The mean time amounted to roughyly 150 ms though. Good enough