[gnutls-devel] GnuTLS | gnutls_handshake is slow on some Android devices (Android 9) (#902)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Jan 10 01:37:32 CET 2020
Sébastien Blin commented:
> The numbers you present seem quite high for a handshake.
In fact it's the time for the whole connection not just the handshake, but yeah it's indeed quite high
Ok, it will take some time for me to test, I have a big todo list for now, but I think I will take some time to do a bisect to get the commit (but first I will list here the negotiated ciphers used)
> gnutls-cli --benchmark-tls-kx
Not sure I will be able to get the difference for Android?
> Do you use some special mode (e.g., FIPS), and specific ciphersuites? What ciphersuites do you see in the handshakes you describe?
For the ciphersuites I will give more details asap, but it's not really special. For example between a GNU/Linux and Android (8 so without the issue) with 3.6.10 (both sides):
```
[1578615382.359|38541|tls_session.cpp :891 ] [TLS] session established: (TLS1.3)-(DHE-FFDHE8192)-(RSA-PSS-RSAE-SHA384)-(AES-256-GCM)
[1578615382.359|38541|sips_transport_ice.cpp:530 ] [TLS] using cipher TLS_DHE_RSA_AES_256_GCM_SHA384 (0x009F)
```
I will post more details as soon as possible.
However, I talked with the dev for iOS and she reproduces the issue, so we also downgrade gnutls on iOS (but not macos).
So:
1. I will post the ciphersuites with different devices and gnutls versions
2. Will try to bisect to locate the bad commit (yeay only ~150 commits)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/902#note_269492212
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200110/2a0e37d5/attachment.html>
More information about the Gnutls-devel
mailing list