On Sat, Jan 30, 2016 at 04:09:43PM +0100, Nenad Merdanovic wrote: > In a decent;y sized environment getting several tens of millions > requests per day, statistics I gathered show that there is about 85-88% > of clients that support ECDSA. Using that and TLS keys, switching to > full HTTPS was barely noticeable when examining the CPU usage.
I'd like to add that I tested a well-known acceleration card a few months ago, and that RSA acceleration required a *lot* of processes (more than 40) for the card to start to provide any benefit over software, that the key generation latency was *much* higher than in software, and that ECDSA was slowed down to an unusable rate around 2 or 3 keys per second. Not to mention that there were a lot of patches to apply on top of openssl to make it barely usable, and that prevented us from easily following openssl security updates. So the only usage this card has is now to take space on the table in the R&D lab next to the test machines. The final point on this is that hardware doesn't follow specification updates fast enough, and can very quickly end up being counter-productive. I've already seen some SSL servers being limited by their hardware SSL accelerators. CPUs are fast and cheap nowadays. Often you'd better install a heavily multi-core CPU than waste a PCIe slot with such a card, unless this card is extremely good and you are certain that it can be flashed to support future algorithms efficiently. Just my two cents, Willy
