Network Transfer Speed Comparison by ciphers

This documents compares network transfer speed of each cipher, which was measured on 3 CPU types, to help to determine which cipher should be set to the GLOBUS_GSSAPI_CIPHERS environment vairable. Please see gfarm_environ(7) man page for the GLOBUS_GSSAPI_CIPHERS setting.

Transfer Speed

bio type	cipher type	speed [Mbps]			note
bio type	cipher type	Xeon E5-2695	Xeon X5670	Opteron 2218	note
socket	plain text	12070	5510	940	insecure
ssl	AES128-GCM-SHA256	4180	2270	410
ssl	AES256-GCM-SHA384	3890	2200	330
ssl	NULL-MD5	2640	1810	940	no encryption
ssl	AES128-SHA	2630	1630	640
ssl	RC4-MD5	2440	1630	940	too weak
ssl	AES256-SHA	1840	1590	560
ssl	RC4-SHA	1820	1300	940	too weak
cipher	aes-128-cbc	1740	2080	900	no message authentication
cipher	aes-192-cbc	1640	1910	810	no message authentication
cipher	aes-256-cbc	1540	1770	750	no message authentication
ssl	NULL-SHA256	1350	980	790	no encryption
ssl	AES128-SHA256	950	850	510
ssl	AES256-SHA256	950	820	450
ssl	CAMELLIA128-SHA	760	690	580
cipher	bf-cbc	750	670	620	no message authentication
ssl	CAMELLIA256-SHA	620	580	520
ssl	IDEA-CBC-SHA	500	440	310
ssl	SEED-SHA	400	410	370
ssl	DES-CBC3-pMD5	160	170	150

sorted by the speed of:

Measurement Conditions

cpu type	clock [GHz]	released year	micro architecture	AES-NI instruction set	network type
Xeon E5-2695	2.40	2013	Ivy Bridge-EP	yes	InfiniBand
Xeon X5670	2.93	2010	Westmere	yes	InfiniBand
Opteron 2218	2.60	2007	Istanbul	no	1000BASE-T

NOTE:
What you can set to the GLOBUS_GSSAPI_CIPHERS environment variable is one of the cipher types which "bio type" is "ssl".