From 177cc09d24515596eb51739ce0a276c26e3c52f1 Mon Sep 17 00:00:00 2001 From: Mohit Agrawal Date: Thu, 2 Jan 2020 10:23:52 +0530 Subject: socket: Use AES128 cipher in SSL if AES is supported by CPU SSL performance is improved after configuring AES128 cipher so use AES128 cipher as a default cipher on the CPU those enabled AES bits otherwise ssl use AES256 cipher Change-Id: I91c50fe987cbb22ed76f8012094730c592c63506 Fixes: #1050 Signed-off-by: Mohit Agrawal --- rpc/rpc-transport/socket/src/socket.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'rpc') diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index ddaa1089015..65a41d93493 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -4161,6 +4161,34 @@ static void __attribute__((destructor)) fini_openssl_mt(void) ERR_free_strings(); } +/* The function returns 0 if AES bit is enabled on the CPU */ +static int +ssl_check_aes_bit(void) +{ + FILE *fp = fopen("/proc/cpuinfo", "r"); + int ret = 1; + size_t len = 0; + char *line = NULL; + char *match = NULL; + + GF_ASSERT(fp != NULL); + + while (getline(&line, &len, fp) > 0) { + if (!strncmp(line, "flags", 5)) { + match = strstr(line, " aes"); + if ((match != NULL) && ((match[4] == ' ') || (match[4] == 0))) { + ret = 0; + break; + } + } + } + + free(line); + fclose(fp); + + return ret; +} + static int ssl_setup_connection_params(rpc_transport_t *this) { @@ -4184,6 +4212,10 @@ ssl_setup_connection_params(rpc_transport_t *this) return 0; } + if (!ssl_check_aes_bit()) { + cipher_list = "AES128:" DEFAULT_CIPHER_LIST; + } + priv->ssl_own_cert = DEFAULT_CERT_PATH; if (dict_get_str_sizen(this->options, SSL_OWN_CERT_OPT, &optstr) == 0) { if (!priv->ssl_enabled) { -- cgit