DeviceMaster LT Security
DeviceMaster LT User Guide: 2000586 Rev. B
SSL Performance
The DeviceMaster LT has these SSL performance characteristics:
Encryption/decryption is a CPU-intensive process, and using encrypted data
streams will limit the number of ports that can be maintained at a given serial
throughput. For example, the table below shows the number of ports that can
be maintained by SocketServer at 100% throughput for various cipher suites
and baud rates.
Note: These throughputs required 100% CPU usage, so other features such as the
web server are very unresponsive at the throughputs shown in the table. To
maintain a usable web interface, one would want to stay well below the
maximum throughput/port numbers in the table.
The overhead required to set up an SSL connection is also significant. The
time required to open a connection to SocketServer varies depending on the
public-key encryption scheme used for the initial handshaking. Typical setup
times for the three public-key encryption schemes supported by the
DeviceMaster LT are shown below:
- RSA 0.66 seconds
- DHE 3.84 seconds
- DHA 3.28 seconds
Since there is a certain amount of overhead for each block of data sent/
received on an SSL connection, the SocketServer polling rate and the size of
the blocks that are written to the SocketServer also have a noticeable effect
on CPU usage. Writing larger blocks of data and using a slower SocketServer
polling rate will decrease CPU usage and allow somewhat higher throughputs.
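The byte-level part of that per-block overhead can be computed directly. The Python sketch below is an added example, not code from the user guide; it assumes TLS 1.0 record framing (the guide does not state the protocol version) and one record per write, and its function names are illustrative. It counts bytes on the wire, not CPU time.

```python
# Added example: bytes on the wire for serial data sent over SSL in writes of
# a given size, for the cipher suites in this guide's throughput table.
# Assumption: TLS 1.0 record framing (implicit IV, minimal CBC padding).

HEADER = 5            # record header: type (1) + version (2) + length (2)
MAX_PAYLOAD = 2**14   # largest payload one record can carry

# suite -> (MAC bytes, cipher block bytes; 0 means stream cipher)
SUITES = {
    "RC4-MD5":    (16, 0),
    "RC4-SHA":    (20, 0),
    "AES128-SHA": (20, 16),
    "AES256-SHA": (20, 16),
    "DES3-SHA":   (20, 8),
}

def record_size(suite, payload_len):
    """Size in bytes of one record carrying payload_len bytes of user data."""
    if not 0 < payload_len <= MAX_PAYLOAD:
        raise ValueError("payload must be 1..16384 bytes")
    mac_len, block = SUITES[suite]
    body = payload_len + mac_len
    if block:
        # CBC adds a padding-length byte, then pads up to a block multiple.
        body = (body + block) // block * block
    return HEADER + body

def bytes_on_wire(suite, total, write_size):
    """Bytes sent when `total` data bytes go out as one record per write."""
    full, rest = divmod(total, write_size)
    size = full * record_size(suite, write_size)
    if rest:
        size += record_size(suite, rest)
    return size

def overhead_pct(suite, total, write_size):
    """Framing overhead as a percentage of the user data."""
    return 100.0 * (bytes_on_wire(suite, total, write_size) - total) / total

if __name__ == "__main__":
    # Constructed scenario: 4096 data bytes sent with four different write sizes.
    for suite in SUITES:
        row = [f"{overhead_pct(suite, 4096, w):8.1f}%" for w in (1, 16, 256, 4096)]
        print(f"{suite:<11}", *row)
```

Each record also costs one MAC computation regardless of its size, so the write sizes that minimise framing bytes also minimise the number of MAC operations.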
SSL Cipher Suites
This subsection provides information about SSL cipher suites.
An SSL connection uses four different facilities, each of which can use one of
several different ciphers or algorithms. A particular combination of four
ciphers/algorithms is called a “cipher suite”.
A Cipher Suite consists of:
- Public Key Encryption Algorithm
  Used to protect the initial handshaking and connection setup.
  Typical options are RSA, DH, DHA, DHE, EDH, SRP, PSK
  DeviceMaster LT supports RSA, DHA, DHE
- Authentication Algorithm
  Used to verify the identities of the two parties to each other.
  Typical options are RSA, DSA, ECDSA
  DeviceMaster LT supports only RSA
- Stream Cipher
  Used to encrypt the user-data exchanged between the two parties.
  Typical options: RC4, DES, 3DES, AES, IDEA, Camellia, NULL
  DeviceMaster LT supports RC4, 3DES, AES
Ports maintained by SocketServer at 100% throughput, by cipher suite and baud rate:
Cipher suite    9600    38400    57600    115200
RC4-MD5           32       16       10         5
RC4-SHA           32       13        9         4
AES128-SHA        28        7        5         2
AES256-SHA        26        7        4         2
DES3-SHA          15        3        2         1