[gnutls-devel] GnuTLS | gnutls_handshake is slow on some Android devices (Android 9) (#902)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jan 10 01:37:32 CET 2020

Sébastien Blin commented:

> The numbers you present seem quite high for a handshake.

In fact it's the time for the whole connection not just the handshake, but yeah it's indeed quite high

Ok, it will take some time for me to test, I have a big todo list for now, but I think I will take some time to do a bisect to get the commit (but first I will list here the negotiated ciphers used)

> gnutls-cli --benchmark-tls-kx

Not sure I will be able to get the difference for Android?

> Do you use some special mode (e.g., FIPS), and specific ciphersuites? What ciphersuites do you see in the handshakes you describe?

For the ciphersuites I will give more details asap, but it's not really special. For example between a GNU/Linux and Android (8 so without the issue) with 3.6.10 (both sides):

[1578615382.359|38541|tls_session.cpp   :891  ] [TLS] session established: (TLS1.3)-(DHE-FFDHE8192)-(RSA-PSS-RSAE-SHA384)-(AES-256-GCM)
[1578615382.359|38541|sips_transport_ice.cpp:530  ] [TLS] using cipher TLS_DHE_RSA_AES_256_GCM_SHA384 (0x009F)

I will post more details as soon as possible.

However, I talked with the dev for iOS and she reproduces the issue, so we also downgrade gnutls on iOS (but not macos).

1. I will post the ciphersuites with different devices and gnutls versions
2. Will try to bisect to locate the bad commit (yeay only ~150 commits)

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/902#note_269492212
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200110/2a0e37d5/attachment.html>

More information about the Gnutls-devel mailing list