Open Bug 1555407 Opened 5 years ago Updated 8 months ago

[meta] Improve default TLS performance on ARM32


(NSS :: Libraries, task, P3)


(Not tracked)


(Reporter: jcj, Unassigned)


(Depends on 2 open bugs, Blocks 1 open bug)


(Keywords: meta)

On 32-bit ARM we're seeing AES-GCM as a performance bottleneck. It's possible that ChaCha20/Poly1305 might be an improvement which we could resolve once dynamic ordering is available (Bug 1555404), but we might also have some low-hanging fruit to improve arm32 performance some other way, either by optimizations in the current C implementation, or at compile-time choosing ChaCha over AES if we're on ARM. This meta bug should be the parent for the optimizations we undertake.

Note: as of now, we're discussing our Curve25519 implementation on 32-bit ARM in Bug 1550579.

Depends on: 1555411
Whiteboard: [qf:meta]

The newest hardware has AES HW accelerator (WIP is bug 1152625) even if AArch32, but this CPU will support AArch64 mode, so it won't use 32-bit mode binary if Android. Firefox 68+ has AArch64 package for Android.

Depends on: 1152625

Bug 1520297 is tracking Intermediate Preloading on Android, which is also an improvement here.

Depends on: 1520297
Depends on: 1562548
See Also: → 1562611
Depends on: 1550579
Depends on: 1564715
Depends on: 1583610
Depends on: 1592869
Performance Impact: --- → ?
Whiteboard: [qf:meta]
Severity: normal → S3
Priority: P1 → P3
You need to log in before you can comment on or make changes to this bug.