Half a percent is small but there should ideally be zero errors. Could you file a report so we can fix that?
Part of what makes the redbean TLS stack fast is I spent some time hacking on MbedTLS to improve its performance. One of things that's counter intuitive about crypto code is assembly can be safer in additional to being faster, since it helps guarantee the compiler doesn't add branches, for things like bit overflow carrying in arithmetic operations. One example is https://github.com/jart/cosmopolitan/blob/master/third_party... which I wrote to make the NSA curve much faster. I've been meaning to upstream into MbedTLS. Another thing I added is https://github.com/jart/cosmopolitan/blob/master/libc/nexgen... which greatly improves the performance of RSA multiplication using Intel's ADX ISA. But C crypto code can be beautiful too! For example, I found Everest (curve25519) particularly impressive, since they solve overflow in a different way, and as such, it's quite possibly the only large piece of C/C++ code I've ever seen that contains zero conditional branches and zero pointers. https://github.com/jart/cosmopolitan/blob/master/third_party... The closest thing I've found to measuring the performance impact of my changes is by recording how long the MbedTLS test suite takes to run. The speedup for suite_ssl is 13.11x faster, RSA is 1.91x, ECP is 1.86x, and ECDSA is 2.84x.
Oh phew! I've always aimed for five nines reliability in my career so hearing half a percent (one nine) while small is a big deal for my rep. I would encourage you to keep torture testing redbean. Let me know if you spot any opportunities for improvement!
Part of what makes the redbean TLS stack fast is I spent some time hacking on MbedTLS to improve its performance. One of things that's counter intuitive about crypto code is assembly can be safer in additional to being faster, since it helps guarantee the compiler doesn't add branches, for things like bit overflow carrying in arithmetic operations. One example is https://github.com/jart/cosmopolitan/blob/master/third_party... which I wrote to make the NSA curve much faster. I've been meaning to upstream into MbedTLS. Another thing I added is https://github.com/jart/cosmopolitan/blob/master/libc/nexgen... which greatly improves the performance of RSA multiplication using Intel's ADX ISA. But C crypto code can be beautiful too! For example, I found Everest (curve25519) particularly impressive, since they solve overflow in a different way, and as such, it's quite possibly the only large piece of C/C++ code I've ever seen that contains zero conditional branches and zero pointers. https://github.com/jart/cosmopolitan/blob/master/third_party... The closest thing I've found to measuring the performance impact of my changes is by recording how long the MbedTLS test suite takes to run. The speedup for suite_ssl is 13.11x faster, RSA is 1.91x, ECP is 1.86x, and ECDSA is 2.84x.