On Sat, Jan 30, 2016 at 04:09:43PM +0100, Nenad Merdanovic wrote:
> In a decent;y sized environment getting several tens of millions
> requests per day, statistics I gathered show that there is about 85-88%
> of clients that support ECDSA. Using that and TLS keys, switching to
> full HTTPS was
Thanks Willy.
We also see very bad performance with HW acceleration (but better than what you
said).
We attribute it to the fact that we can launch only 1 operation at a time in
synchronous manner coupled with the high latency of getting data in and out of
the VMs.
That is why we hope to
Now this is where I probably look stupid but...
Am I correct in stating that the AES-NI is only really useful for file
encryption... and bugger all use for HTTPS/SSL encryption (which is
what we really want) ?
Very happy to be told I'm wrong, because it would be great it it was.
On 29
> Now this is where I probably look stupid but...
>
> Am I correct in stating that the AES-NI is only really useful for file
> encryption... and bugger all use for HTTPS/SSL encryption (which is
> what we really want)?
No, AES-NI is very useful for the symmetric part of HTTPS/TLS when
using AES
Thank you all for your replies.
Yes I want to accelerate the RSA and DHE operations also, which needs approx 2
million CPU cycles per key pair if done in pure SW. The Coleto Creek HW will
give big boost if we can get it to work. AES-NI can help the bulk traffic but
not very helpful for
Hello Eric,
On 1/30/2016 3:44 PM, Eric Chan wrote:
> Thank you all for your replies.
> Yes I want to accelerate the RSA and DHE operations also, which needs approx
> 2 million CPU cycles per key pair if done in pure SW. The Coleto Creek HW
> will give big boost if we can get it to work.
Hi HAproxy team,
Is there a plan to add HW acceleration to your SSL proxy?
I am thinking of using HAproxy with Intel Coleto Creek in asynchronous mode,
wonder if anyone has done the patch work that needs to make that work.
Thanks,
Eric
This email and any attachments thereto may contain private,
Hi Eric,
If you use a hardware device supported by openssl library you'll have
hardware acceleration, for example AES-NI extension is available on
recent cpu's and recent versions of openssl.
I don't know about your Coleto creek device, but i'm sure you can
check with openssl :)
/Björn
On
On Fri, Apr 17, 2015 at 9:32 AM, Kamran Malik kamranma...@cloudflow.net wrote:
hi
I have a rather simple question related to SSL acceleration. I have gone
through some of the email archives but haven't been able to figure this out.
On a server where among other things I am running
hi
I have a rather simple question related to SSL acceleration. I have gone
through some of the email archives but haven't been able to figure this out.
On a server where among other things I am running the HAProxy application I
want to be able to provide an accelerator card (say like a NITROX
10 matches
Mail list logo