[Help-gnutls] gnutls_handshake() is slow and is a big lock

Eric Leblond regit at inl.fr
Sat Jul 29 11:47:00 CEST 2006


After a long benchmark week, we found some slowness in our program
(NuFW : http://www;nufw.org). 

The main point is that gnutls_handshake() is "slow". Slow means :
      * ~200ms on an AMD 2GHz
      * ~500 ms on an IBM PowerPC with 4 CPU bicore !?
The weirdest thing is that it takes only about 30ms on a laptop (Intel
Celeron 1.6Ghz)

For that test, we use the same clients and only switch the server
target, thus time comes from the server.

We dig into gnutls code, and we found *the* function which takes so much
time. At the server site, the function is:
   _gnutls_pkcs1_rsa_decrypt() -- lib/auth_rsa.c

Another *BAD* point is that the handshake doesn't look to be possible on
multiple threads whereas server code uses a lot of thread.

So, any idea to explain why _gnutls_pkcs1_rsa_decrypt() is so slow on my
computer and really faster on another one? And do you think that
gnutls_handshake() can be used in two different threads at the same

We tried different gnutls and gcrypt versions. I'm using last version of
gcrypt and gnutls on my computer. (gnutls 1.2.2 and gnutls 1.4).

Victor Stinner and Eric Leblond

More information about the Gnutls-help mailing list