Newsletters
Abstract
TLS/crypto library update in v10.6.0.0 improves security which comes with an associated performance cost.
Content
TLS/Crypto library update in v10.6.0.0
- In this firmware release, we will be including an updated crypto library
- This update is required to maintain CVE updates
- The updated crypto library improves security which comes with an associated performance cost
- The performance cost will vary depending on the size of payloads, TPS, CPU cores, and use-case, particularly dp:verify() function and verify processing policy action
- It is recommended, especially for clients who use signature verification, that capacity planning is done in conjunction with the upgrade to 10.6.0.X
Technical notes:
- Impact is predominantly observed when using dp:verify() function and verify processing policy action
- The impact is felt more with smaller payloads and larger CPU core counts
- SSL handshake costs, are felt less than verify costs, and vary depending on key size (smaller keys feel greater impact)
- These costs are observed as CPU usage increase and decrease in maximum TPS
- The test cases used to identify the impacts are "micro benchmarks" that are scoped narrowly to identify specific areas like cryptographic signature verification
[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m0z0000001g5fAAA","label":"DataPower-\u003EResource \/ Stability (RS)-\u003EPerformance"},{"code":"a8m50000000CdntAAC","label":"DataPower-\u003ESecurity (SE)"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.6.0"}]
Was this topic helpful?
Document Information
Modified date:
25 July 2024
UID
ibm17158664