Forum Discussion
CirrostratusCPU Increase when enabling AES-GCM
Supposedly AES-GCM should be the "best" cipher right now in terms of efficiency, however I noticed when enabling it on the F5, CPU goes up significantly. This is on a Viprion 2100 blade, 11.5.1 HF6. Anyone else seeing this?
I'm using "MEDIUM:!ADH:!RC4:@SPEED:RSA+3DES" for the cipher string. Adding a "!AES-GCM" to the line causes the CPU to immediately drop.
18 Replies
Kai_KatajaAltostratus
I could not wait anymore and had to find the TLS/SSL hardware used from article "SOL7778: BIG-IP hardware SSL and compression cards". Then search "Product Brief" for the specific chip to be sure if SHA-2 hardware acceleration is possible. Hopefully we get some answer from F5 to this SHA-2 CPU consumption issue.
John_Heyer_1508Looks like this did get fixed. We're on 11.6.1 HF2 now and I see no noticeable CPU increase with this cipher string, which should result in the vast majority of handshakes going SHA256 or SHA384
ECDHE+AES-GCM:ECDHE+AES:RSA+AES+SHA:RSA+3DESI'm thinking it may have been back in 11.6.0 HF5, which fixed this bug:
491030-6 : Nitrox crypto accelerator can sometimes hang when encrypting SSL records
