(Only for Servers With Kunpeng 920 7280Z) Encryption and Decryption Performance Tuning With the KAE Software and Hardware Algorithm Combination
When HTTPS short connections are tested in the single-instance scenario with KAE enabled and ssl_session_cache and ssl_session_tickets set to off, the test result is not as expected because KAE provides only a limited performance boost for the RSA encryption and decryption algorithm. To improve the overall performance, use the KAE software and hardware combination strategy.
- Create and configure the OpenSSL configuration file for Nginx to use KAE.
- Create an openssl.cnf file.
vi openssl.cnf
- Press i to enter the insert mode, add the following content to openssl.cnf, and save openssl.cnf to the /home directory:
openssl_conf=openssl_def
[openssl_def]
engines=engine_section
[engine_section]
kae=kae_section
[kae_section]
engine_id=kae
dynamic_path=/usr/local/lib/engines-1.1/kae.so
default_algorithms=ALL
init=1
- Press Esc, type :wq!, and press Enter to save the file and exit.
- Enable KAE.
export OPENSSL_CONF=/home/openssl.cnf
- Before starting Nginx, set the environment variable KAE_GO_SOFT_RATIO to specify the ratio of RSA encryption and decryption operations that are processed in software. This feature is available only in the dev_rsa_dispatch branch version.
export KAE_GO_SOFT_RATIO=33
- Compare performance before and after KAE is enabled.
- Create a script file, for example, test.sh, on the client.
vi test.sh
- Press i to enter the insert mode and add the following content to the script file:
#!/bin/bash
# IP and port must be set to the Nginx server address and HTTPS port before the script runs.
: "${IP:?set IP to the Nginx server address}" "${port:?set port to the Nginx HTTPS port}"
# Start 11 wrk instances, each pinned to its own group of 10 cores, using short connections.
function test() {
    taskset -c 0-9 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 10-19 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 20-29 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 30-39 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 40-49 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 50-59 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 60-69 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 70-79 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 80-89 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 90-99 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    taskset -c 100-109 wrk -H "Connection: Close" -t 11 -c 200 -d 60 https://$IP:$port/index.html &
    wait
}
test > result.log
# Sum the Requests/sec value reported by every wrk instance.
cat result.log |grep Requests/sec | awk '{print $2}' | awk '{sum+=$1} END {print sum}'
- Press Esc, type :wq!, and press Enter to save the file and exit.
- Run the script to check the performance metrics before and after KAE is enabled.
sh test.sh
- Before KAE is enabled, the performance metric is 120340.

- After KAE is enabled, the performance metric is 181411.

The performance metrics before and after KAE is enabled are 120340 and 181411, respectively. The performance is improved by about 50%.
- For details about how to enable and disable KAE for Nginx, see Nginx Performance Tuning With KAE When Processing HTTPS Connection Requests.
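
An added check, not part of the original procedure or of the KAE project: because OPENSSL_CONF makes OpenSSL load the library named by dynamic_path into the Nginx process, the script below flags an openssl.cnf or engine library that is missing, not owned by the expected user, or writable by group or others. The function names and the EXPECTED_OWNER variable (default root) are assumptions of this example.

```bash
#!/bin/bash
# Added example, not part of the original procedure or of KAE itself.
# OpenSSL loads the shared object named by dynamic_path into every process
# started with this OPENSSL_CONF, so neither file may be writable by anyone
# but its owner.

# Assumption: root should own both files; override for other layouts.
EXPECTED_OWNER=${EXPECTED_OWNER:-root}

# Print every dynamic_path value in the OpenSSL config file $1.
engine_paths() {
    awk -F= '/^[ \t]*dynamic_path[ \t]*=/ {
        v = $2; sub(/#.*/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); print v
    }' "$1"
}

# Print one finding per problem with file $1; print nothing if it passes.
audit_file() {
    f=$1
    if [ ! -f "$f" ]; then echo "missing: $f"; return 0; fi
    d=$(dirname "$f")
    [ -n "$(find -L "$f" -prune -user "$EXPECTED_OWNER")" ] ||
        echo "owner is not $EXPECTED_OWNER: $f"
    [ -z "$(find -L "$f" -prune \( -perm -020 -o -perm -002 \))" ] ||
        echo "group/other-writable: $f"
    [ -z "$(find -L "$d" -prune \( -perm -020 -o -perm -002 \))" ] ||
        echo "directory is group/other-writable: $d"
}

# Audit config file $1 and each engine library it names.
# Returns 0 if nothing is flagged, otherwise prints the findings and returns 1.
audit_openssl_conf() {
    findings=$(
        audit_file "$1"
        if [ -f "$1" ]; then
            engine_paths "$1" | while IFS= read -r so; do audit_file "$so"; done
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_openssl_conf "$1"; fi
```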