SSL (https, really) accelerators for Linux/Apache?
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Tue Jan 2 17:25:07 EST 2007
On Tue, Jan 02, 2007 at 01:43:14PM -0500, John Ioannidis wrote:
> There is too much conflicting information out there. Can someone
> please recommend an SSL accelerator board that they have personally
> tested and used, that works with the 2.6.* kernels and the current
> release of OpenSSL, and is actually an *accelerator* (I've used a
> board from a certain otherwise famous manufacturer that acted as a
> decelerator...). I only need this for SSL, not for IPsec.
>
I don't have any experience with any hardware in this space, but you
should be clear about one thing:
- Are you trying to accelerate symmetric bulk crypto of the SSL
payload, or the PKI operations in a cold SSL handshake?
Depending on the application and load, and given a suitable SSL session
cache, the PKI load may be negligible. For example, traffic between two
fixed MTAs with caches on both sides only does one SSL handshake per
cache TTL and then just bulk crypto for many deliveries that reuse the
cached SSL session.
So what is your load like?
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list