>600ms hangup with RSA signed certs #100

@pinkforest

Made a quick toy server that just prints out UwU to anyone connecting, to show the 600ms delay:

https://github.com/pinkforest/tls_neg_loiter

  1. Add loiter.rustcryp.to to your hosts file for your 127.0.0.1 loopback
  2. cd certs;make rsa4096
  3. cd ..; cargo run (to run the mock server)
  4. openssl s_client -crlf -servername loiter.rustcryp.to -CAfile certs/ca.rsa4096.crt 127.0.0.1:828 (shows the delay after CONNECTED)
  5. Connect with Firefox with the network console open and see it there too (the server doesn't multiplex, so ensure you close the openssl session before)

This only happens with issues signed with RSA, but it doesn't happen with prime256v1 etc.; these only have 1-3 ms latency.

Also doesn't happen with aws-lc-rs with either rsa4096 / prime256v1

Probably a good idea to bump RSA...
