I can't really back this up with reliable numbers, but a company I once worked for experimented with such hardware. The outcome was, and I would still always recommend this today, to rather throw more regular hardware at the problem. Modern processors have a lot special instructions specifically for cryptographic operations (maybe make sure you are making full use of that) and are way cheaper than specialized SSL hardware. Stuff like SSL changes a lot and often needs immediate security fixes, so going with general purpose hardware where you are not dependent on some vendor support will likely make your life easier at some point.
That's just an opinion after all, of course. Cheers, Conrad On 04/01/2016 10:06 AM, Gerd Mueller wrote: > We are experiencing 100% cpu load by this specific haproxy thread during huge > ssl load. With haproxy .4 we first used stunnel, than apache with mod_ssl. I > think haproxy with ssl performance much better than the other 2 but I am > thinking about offloading to a specific ssl device. Does anybody know > anything about dedicated hardware? > > Thanks Gerd > > -------- Weitergeleitete Nachricht -------- > Von: Nathan Williams > <[email protected]<mailto:nathan%20williams%20%[email protected]%3e>> > An: Lukas Tribus > <[email protected]<mailto:lukas%20tribus%20%[email protected]%3e>>, > Gerd Mueller > <[email protected]<mailto:gerd%20mueller%20%[email protected]%3e>>, > [email protected] > <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> > Betreff: Re: ssl offloading > Datum: Fri, 1 Apr 2016 01:54:29 +0000 > > > stunnel's what we used before Haproxy had it built in, which worked fine, but > SSL offloading in Haproxy's been excellent in our experience, so my guess > would be that you could make it work with some config tuning. > > On Thu, Mar 31, 2016, 12:45 PM Lukas Tribus > <[email protected]<mailto:[email protected]>> wrote: >> Hi list, >> >> what are your ideas about offloading of ssl? ssl inside haproxy is nice >> but is very expensive. > > Why would you think that? > > > Lukas > > > -- Conrad Hoffmann Traffic Engineer SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany Managing Director: Alexander Ljung | Incorporated in England & Wales with Company No. 6343600 | Local Branch Office | AG Charlottenburg | HRB 110657B
