Explore the OpenSSL Hardware Offload Enhancement in this conference talk by Ping Yu from Intel. Delve into the practical experience of utilizing and enhancing the asynchronous acceleration framework in OpenSSL to enable high-performance, low CPU utilization TLS acceleration in Nginx and Fd.io/VPP. Learn about resolving challenges in enterprise-grade deployment, including CPU/memory consumption and user private key protection. Discover the recent enhancements for a more efficient, high-performance kernel bypass asynchronous communication mechanism, now merged into OpenSSL 3.0.0 master branch. Cover topics such as TLS hardware acceleration, Intel® QuickAssist Technology, synchronous vs asynchronous modes, fiber-based asynchronous mechanisms, event notification, enhanced callback mechanisms, and key protection technology.
OpenSSL Hardware Offload Enhancement for TLS Acceleration
Overview
Syllabus
Intro
Motivation - TLS everywhere
TLS Hardware Acceleration
Intel® QuickAssist Technology
Background - Synchronous Mode
Synchronous Mode vs Asynchronous Mode
OpenSSL asynchronous introduction Fiber based asynchronous mechanism
Apply OpenSSL asynchronous in Nginx
Event notification
Enhanced callback mechanism
Enable TLS support based on user space VPP stack
Key protection technology
Taught by
Linux Foundation
