Hi list,
This is to request comments regarding the support of openssl 1.1 async mode and
async-capable engine.
openssl s_time utility is used to compare the performance:
#> openssl s_time -new -cipher ECDHE-RSA-AES128-GCM-SHA256 -nbio
With single haproxy process,
software only: ~500 connections per second
Intel QAT engine[1] and async mode on: ~2000 connections per second
Your feedback and comments are greatly appreciated.
Thanks,
Grant
[1] Intel QAT openssl engine: https://github.com/01org/QAT_Engine
Grant Zhang (2):
RFC: add openssl engine support
RFC: add openssl async support
include/common/epoll.h | 2 +
include/proto/fd.h | 8 +++
include/proto/ssl_sock.h | 2 +
include/types/connection.h | 2 +
include/types/fd.h | 1 +
include/types/global.h | 2 +
src/cfgparse.c | 31 ++++++++++
src/ev_epoll.c | 11 ++++
src/fd.c | 13 +++++
src/haproxy.c | 4 ++
src/ssl_sock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++
11 files changed, 218 insertions(+)
--
1.9.1
This is to request comments regarding the support of openssl 1.1 async mode and
async-capable engine.
openssl s_time utility is used to compare the performance:
#> openssl s_time -new -cipher ECDHE-RSA-AES128-GCM-SHA256 -nbio
With single haproxy process,
software only: ~500 connections per second
Intel QAT engine[1] and async mode on: ~2000 connections per second
Your feedback and comments are greatly appreciated.
Thanks,
Grant
[1] Intel QAT openssl engine: https://github.com/01org/QAT_Engine
Grant Zhang (2):
RFC: add openssl engine support
RFC: add openssl async support
include/common/epoll.h | 2 +
include/proto/fd.h | 8 +++
include/proto/ssl_sock.h | 2 +
include/types/connection.h | 2 +
include/types/fd.h | 1 +
include/types/global.h | 2 +
src/cfgparse.c | 31 ++++++++++
src/ev_epoll.c | 11 ++++
src/fd.c | 13 +++++
src/haproxy.c | 4 ++
src/ssl_sock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++
11 files changed, 218 insertions(+)
--
1.9.1