Acceleration Principles

In the SSL offloading scenario, Tengine is used as the unified network access entry, and HTTPS is used for secure transmission.

The KAE provided by the Kunpeng processors of Kunpeng servers offloads the processing of SSL/TLS encryption and decryption algorithms in HTTPS transmission from the CPUs, greatly improving HTTPS processing performance.

This solution accelerates the asymmetric encryption and decryption in the process of SSL/TLS handshakes during HTTPS request processing. As shown in Figure 1, Tengine asynchronously invokes the KAE of OpenSSL to implement the acceleration. The RSA2048 algorithm computation during encryption is done in hardware rather than by the CPUs. Kunpeng servers support 100,000 OPS, as shown in Table 1. The KAE provides the OpenSSL API and custom APIs, which can be used by Nginx and user-developed software.

**Table 1** KAE APIs
Interface	Description	Typical Application
OpenSSL API	The KAE is integrated into OpenSSL as an engine.	Nginx and customized software
Customized API	User-mode library used to invoke user-developed software.	User-developed software

Figure 1 RSA encryption and decryption performance improved by the KAE

This solution is implemented by the KAE integrated in Huawei Kunpeng processors. It provides high performance and features low power consumption.

Parent topic: Introduction