SSL Offloading
In the SSL offloading scenario, Nginx is used as the unified network access entry, and HTTPS is used for secure transmission.
The KAE provided by the Kunpeng processors of Kunpeng servers offloads the processing of SSL/TLS encryption and decryption algorithms in HTTPS transmission scenarios, greatly improving HTTPS processing performance.
This solution accelerates the asymmetric encryption and decryption in the process of SSL/TLS handshakes during HTTPS request processing. As shown in Figure 1, Nginx asynchronously invokes the KAE of OpenSSL to implement the acceleration. The RSA2048 algorithm computation during encryption is done in hardware rather than by the CPUs. Kunpeng servers support 100,000 OPS. As shown in Table 1, the KAE provides the OpenSSL API and custom API, which can be used by Nginx and user-developed software.
|
Interface |
Description |
Typical Application |
|---|---|---|
|
OpenSSL API |
The KAE is integrated into OpenSSL as an engine. |
Nginx and user-developed software |
|
Custom API |
The user-mode library is used to invoke user-developed software. |
User-developed software |
This solution is implemented by the KAE integrated in Kunpeng processors. It provides high performance and features low power consumption.