The following results are for IcedTea 6 & 7 using the NSS provider but without the hardware AES support enabled. It turns out that testing this scenario doesn’t require changing the NSS code; you merely need to set the environment variable NSS_DISABLE_HW_AES=1.

IcedTea6 with the NSS Provider but no hardware AES

Keysize 4k block, enc 4k block, dec 32k block, enc 32k block, dec 256k block, enc 256k block, dec 1024k block, enc 1024k block, dec
128 bit 7.04 ns/byte, 135MB/s 7.14 ns/byte, 134MB/s 5.93 ns/byte, 161MB/s 6.26 ns/byte, 152MB/s 6.28 ns/byte, 152MB/s 6.39 ns/byte, 149MB/s 6.31 ns/byte, 151MB/s 6.57 ns/byte, 145MB/s
192 bit 7.46 ns/byte, 128MB/s 7.72 ns/byte, 124MB/s 7.18 ns/byte, 133MB/s 7.54 ns/byte, 126MB/s 7.16 ns/byte, 133MB/s 7.27 ns/byte, 131MB/s 7.19 ns/byte, 133MB/s 7.48 ns/byte, 128MB/s
256 bit 8.34 ns/byte, 114MB/s 8.61 ns/byte, 110MB/s 8.25 ns/byte, 116MB/s 8.62 ns/byte, 111MB/s 8.04 ns/byte, 119MB/s 8.16 ns/byte, 116MB/s 8.10 ns/byte, 118MB/s 8.37 ns/byte, 114MB/s

IcedTea7 with the NSS Provider but no hardware AES

Keysize 4k block, enc 4k block, dec 32k block, enc 32k block, dec 256k block, enc 256k block, dec 1024k block, enc 1024k block, dec
128 bit 6.90 ns/byte, 138MB/s 6.81 ns/byte, 140MB/s 5.75 ns/byte, 166MB/s 5.97 ns/byte, 160MB/s 5.65 ns/byte, 169MB/s 5.91 ns/byte, 162MB/s 5.63 ns/byte, 169MB/s 5.89 ns/byte, 162MB/s
192 bit 7.17 ns/byte, 133MB/s 7.34 ns/byte, 130MB/s 6.64 ns/byte, 143MB/s 6.85 ns/byte, 139MB/s 6.54 ns/byte, 145MB/s 6.79 ns/byte, 140MB/s 6.52 ns/byte, 147MB/s 6.78 ns/byte, 140MB/s
256 bit 8.12 ns/byte, 117MB/s 8.23 ns/byte, 116MB/s 7.56 ns/byte, 126MB/s 7.80 ns/byte, 122MB/s 7.43 ns/byte, 129MB/s 7.69 ns/byte, 124MB/s 7.41 ns/byte, 129MB/s 7.67 ns/byte, 125MB/s

There is still a noticeable improvement using the NSS provider, but not as significant as when AES is handled in hardware. This does, however, mean that enabling NSS as the primary provider should show a benefit on all installs, not just ones with hardware AES.

I also found today that Oracle have enabled this provider with a priority of 2 on Solaris builds from jdk7u4 on; see bug 7088989 and this commit. Priority 1 is given to a proprietary provider, com.oracle.security.ucrypto.UcryptoProvider, the source of which is not included in OpenJDK.