4

I have an SSL client on an embedded device with a slow ARM-CPU.

I am trying to speed up the SSL connection setup by shortening the cipherslist. Disabling DiffieHellman by adding !DH gave an improvement.

I wonder if there are other algorithms i could disable to improve the speed. Of course without big security tradeoffs.

Another possibility would be to switch to a different SSL library (gnutls, matrixssl, yaSSL etc.) What are your experience with other SSL libraries especially on embedded devices?

arved
  • 4,401
  • 4
  • 30
  • 53
  • A simlar question but focusing on size of the binary is http://stackoverflow.com/questions/5414004/openssl-static-library-too-big-any-alternative-or-way-to-reduce-its-size – arved Nov 26 '12 at 12:34

1 Answers1

1

CyaSSL has an great track record with embedded devices and has been used many times with ARM-enabled embedded devices.

As for speeding up the connection with CyaSSL, you can speed up public key operations with fast math (--enable-fastmath) which will make use of assembly optimizations to speed up your handshake time. You can also switch to a different cipher, such as HC-128, which is CyaSSL's fastest cipher (a stream cipher).

CyaSSL is also pretty portable out of the box. The product page states that is supports the following OS's:

Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, Freescale MQX, Nucleus

It's also got a really small footprint (<100kB), which is another plus.

Chrisc
  • 1,498
  • 4
  • 17
  • 30