SSL (https, really) accelerators for Linux/Apache?

Victor Duchovni Victor.Duchovni at
Tue Jan 2 17:25:07 EST 2007

On Tue, Jan 02, 2007 at 01:43:14PM -0500, John Ioannidis wrote:

> There is too much conflicting information out there.  Can someone
> please recommend an SSL accelerator board that they have personally
> tested and used, that works with the 2.6.* kernels and the current
> release of OpenSSL, and is actually an *accelerator* (I've used a
> board from a certain otherwise famous manufacturer that acted as a
> decelerator...).  I only need this for SSL, not for IPsec.

I don't have any experience with any hardware in this space, but you
should be clear about one thing:

    - Are you trying to accelerate symmetric bulk crypto of the SSL
    payload, or the PKI operations in a cold SSL handshake?

Depending on the application and load, and given a suitable SSL session
cache, the PKI load may be negligible. For example, traffic between two
fixed MTAs with caches on both sides only does one SSL handshake per
cache TTL and then just bulk crypto for many deliveries that reuse the
cached SSL session.

So what is your load like?


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list