
Cipher Suites and Performance for VPN Usage (some notes from experience)


Hi All,

Not a question, just information on an issue I've seen with cipher suites and performance.

Recently, I created a new pair of ADCs for a customer to provide some resilience for their service (main pair were not a redundant Internet link). This was a pair of 200Mbps VPXs. Users circa 400 concurrent (220 VPN, 180 ICA).

As part of the build, I updated cipher suites and general TLS / SSL settings to get an A+ in SSL Labs test.

I followed the settings in this article (though without TLS1.3 as I thought that was too much change at that point in time but kept the 1.2 suites):

https://docs.citrix.com/en-us/tech-zone/build/tech-papers/networking-tls-best-practices.html

All testing went OK but when we transitioned over to the new pair, packet CPU usage was at least 3x higher than what it was previously (from being around average 15-20% to 50-75%). At one busy time, CPU hit 100% for a period and sessions were disconnected. Note that it was the VPN sessions not the ICA that were causing the high usage.

In the end, I narrowed it down to the cipher suite in bold / starred below. As we are using an RSA key certificate, this was the first one that is used. I have since read elsewhere that with DH, each request has to be encrypted separately but with ECDHE it is more efficient. I saw evidence to suggest that this was the case (e.g. CPU usage matched the HTTP request rate pretty closely with DH).

Ciphers (and order) in the article:

TLS1.2-ECDHE-ECDSA-AES256-SHA384
TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384
***TLS1.2-DHE-RSA-AES256-GCM-SHA384***
TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256
TLS1.2-ECDHE-RSA-CHACHA20-POLY1305
TLS1.2-ECDHE-ECDSA-CHACHA20-POLY1305
TLS1.2-ECDHE-RSA-AES256-GCM-SHA384

I implemented the following cipher suite group / priorities for the VPN vserver and I still got an A+ in SSL labs (with no weak ciphers) but also packet CPU was back down to 20%. Note that the VPN clients are all managed machines and so we could be stricter with the ciphers (i.e. no legacy clients in scope).

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
TLS1.2-ECDHE-RSA-CHACHA20-POLY1305
TLS1.2-DHE-RSA-AES256-GCM-SHA384
TLS1.2-DHE-RSA-AES128-GCM-SHA256

Hope that helps someone facing a similar issue.
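To make the ordering effect above concrete, here is a small added model (not from the post or from Citrix) of how a server walks its cipher priority list: ECDSA suites are simply unusable with an RSA-keyed certificate, so the first suite an RSA-certificate vserver can negotiate from the article's list is the DHE-RSA one, while the reordered VPN list lands on ECDHE-RSA. The `negotiated_suite` / `dhe_first` helpers and the client-offer parameter are this example's own construction.

```python
from dataclasses import dataclass

# Cipher order from the Citrix tech paper, as quoted in the post.
ARTICLE_ORDER = [
    "TLS1.2-ECDHE-ECDSA-AES256-SHA384",
    "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS1.2-DHE-RSA-AES256-GCM-SHA384",
    "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS1.2-ECDHE-RSA-CHACHA20-POLY1305",
    "TLS1.2-ECDHE-ECDSA-CHACHA20-POLY1305",
    "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384",
]
# Order the poster ended up binding to the VPN vserver.
VPN_ORDER = [
    "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384",
    "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256",
    "TLS1.2-ECDHE-RSA-CHACHA20-POLY1305",
    "TLS1.2-DHE-RSA-AES256-GCM-SHA384",
    "TLS1.2-DHE-RSA-AES128-GCM-SHA256",
]

@dataclass(frozen=True)
class Suite:
    name: str
    kx: str    # key exchange: ECDHE or DHE
    auth: str  # certificate key type the suite needs: ECDSA or RSA

def parse_suite(name: str) -> Suite:
    # "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384" -> kx="ECDHE", auth="RSA"
    parts = name.split("-")
    return Suite(name, parts[1], parts[2])

def usable_suites(order, cert_key_type):
    # Suites the server can actually offer with the installed certificate:
    # ECDSA suites are skipped entirely when the cert has an RSA key.
    return [s for s in map(parse_suite, order) if s.auth == cert_key_type]

def negotiated_suite(order, cert_key_type, client_offer=None):
    # Server-preferred selection: first usable suite the client also offers.
    # client_offer=None models a client that accepts every listed suite.
    for s in usable_suites(order, cert_key_type):
        if client_offer is None or s.name in client_offer:
            return s
    return None

def dhe_first(order, cert_key_type="RSA"):
    # True when most clients will land on finite-field DHE (the suite the
    # poster traced the packet-CPU increase to) rather than ECDHE.
    s = negotiated_suite(order, cert_key_type)
    return s is not None and s.kx == "DHE"
```

Running `dhe_first(ARTICLE_ORDER)` against `dhe_first(VPN_ORDER)` shows why the same A+ rating can come with very different packet-CPU cost: the rating looks at the set of suites, the CPU follows whichever one is actually negotiated first.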

What you write makes a lot of sense: ECDHE ciphers are much lighter on CPU than DH ones are. Then DH combined with SHA384... yes, I'm not at all surprised it's hitting the CPU hard!


Thanks for sharing, always interesting to actually hear information from the real world!
