I ran some mbedTLS handshakes with various ciphers to see relative performance on an STM32F746 (Nucleo 144 board) running Stratify OS at 216MHz. These are the results I got.
A Few Notes
- The hardware uses ethernet and connects to a router.
- The test connected to Google’s Firebase (real-time database) and updated one value which consisted of a couple hundred bytes of data.
- I only tested ciphers that I thought would work. Firebase doesn’t support every possible cipher so in many cases the handshake failed.
- The tests were run with debugging on. So the values don’t represent optimal times but they can be compared for relative performance.
With debugging mostly disabled
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256improved to 761ms from 1249ms.
You can see a clear pattern in the results.
RSA only was much faster than
ECDHE_RSA uses two ciphers–one for the server certificate and one for the key exchange–while
RSA just uses one. Because the data exchange was so small, the performance differences for the AES portion doesn’t really show up in the results.
The following ciphers failed (meaning incompatibility with Firebase).