Debian Stretch for Raspberry Pi was just released, and also marks the first time the supposedly more efficient chacha-poly (web) encryption is available — depending on Openssl version 1.1.0. Using the Nginx web server and the apache benchmarking suite (ab
), I performed a quick test to check the possible improvements, using the RPi zero W. Nginx server SSL setup is based on bettercrypto.org recommendations.
Debian Jessie setup: Nginx 1.6.2, Openssl 1.0.1. Cipher: TLSv1.2,DHE-RSA-AES256-GCM-SHA384,3072,256
Debian Stretch setup: Nginx 1.10.3, Openssl 1.1.0f. Cipher: TLSv1.2,ECDHE-RSA-CHACHA20-POLY1305,3072,256
Doing a fairly standard test of 100 requests, with 10 concurrent requests, and a 3072bit SHA256 server certificate and dhparams, there seems to be a significant improvement. Using the Jessie setup, it takes 150 seconds (2.5 minutes) to perform this test. Using the new Stretch setup, this is reduced to 19 seconds (0.3 minutes).
The test was performed from Fedora 26 XFCE laptop on a gigabit ethernet. Though the RPi itself was connected wirelessly, adding some uncertainty.
RPi wireless connection was tested using iperf3
to be effectively ~42Mbps.