On Fri, 24 Feb 2017, Yann Ylavic wrote:
On Thu, Feb 23, 2017 at 8:50 PM, Jacob Champion <champio...@gmail.com> wrote:
Going off on a tangent here:
For those of you who actually know how the ssl stuff really works, is it
possible to get multiple threads involved in doing the encryption, or do
you need the results from the previous block in order to do the next
one?
I'm not a cryptographer, but I think how parallelizable it is depends on the
ciphersuite in use. Like you say, some ciphersuites require one block to be
fed into the next as an input; others don't.
Yes, and the cost of scheduling threads for non dedicated cypto device
is not worth it I think.
But mainly there is not only one stream involved in a typical HTTP
server, so probably multiple simulteneous connections already saturate
the AES-NI...
Actually, the AES-NI capability can be seen as a dedicated crypto
device of sorts... It's just a bit more versatile with a CPU core
stuck in there as well ;-)
I would much prefer if httpd could be able to push full bandwidth
single-stream https using multiple cores instead of enticing users to
use silly "parallel get" clients, download accelerators and whatnot.
Granted, the use cases are not perhaps the standard
serve-many-files-to-the-public ones, but they do exist. And depending
on which way the computing trends blow we might start seeing more
competing low-power cpus with more cores and less capability requiring
more threads to perform on single/few-stream workloads.
In any event I don't think the basic idea of multiple-thread-crypto
should be dismissed lightly, especially if someone (definitely not me)
figures out a neat way to do it :-)
Personally, it's the angst! of having to wait more than 10 seconds for
a DVD-sized Linux-distro.iso download when I KNOW that there are 7
cores idling and knowing that without the single-core bottleneck I
would have 6 additionals seconds of time to spend on something useful
8-()
/Nikke - thinking that the Subject is not that accurate anymore...
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | ni...@acc.umu.se
---------------------------------------------------------------------------
Sattinger's Law: It works better if you plug it in.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
