Another question about the hardware SSL-accelerators: are they really useful with more-or-less modern CPUs, except perhaps from a security standpoint (there are hopefully no buffer overruns in the hardware...)?
I mean, a normal 2Ghz Pentium can rather easily manage 5.000 handshakes per second using 1024bit RSA and openSSLeay 0.9.5 running Apache, and can encrypt rather a lot of data (in excess of 125Mbyte/second, it can fill a Gbit ethernet).
This is from an OpenSSL performance whitepaper.
Even a 300Mhz ultra can handle about 600 handshakes per second, and can shuffle some 20Mbyte/second.
This is from an Elliptic curve cryptography for SSL report. :-)
So no real speedup will be achieved using hardware algorithms.
Some CPU offloading, sure, but most reviews of hardware solutions I have read (admittedly a few years ago) have complained about the fact that a lot of CPU is still needed to send messages over the PCI bus, handle interrupts, etc.
A most likely cheaper solution is an SSL-accelerator _computer_ that you place in front of the real webserver, that handles the [d]encryption, then you have the webserver on another computer.
A new top-of-the-line P4 2.5Ghz computer (best motherboard, memory etc) will set you back $1000 or so.
/ Per Hedbor
Previous text:
2003-01-28 14:04: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
That would be excellent, I think.
By the way, what hardware supports cryptography? On what operating system? How does that work, and should Crypto support it?
/ Mirar