Hi, On Thursday, 28 October 2021, Shawn Heisey <[email protected]> wrote:
> On 10/27/2021 2:54 PM, Lukas Tribus wrote: > >> I'd be surprised if the OpenSSL API calls we are using doesn't support >> AES-NI. >> > > Honestly that would surprise me too. But I have no idea how to find out > whether it's using the acceleration or not, and the limited (and possibly > incorrect) evidence I had suggested that maybe it was disabled by default, > so I wanted to ask the question. I have almost zero knowledge about > openssl API or code, so I can't discern the answer from haproxy code. You want evidence. Then get a raspberry pi, and run haproxy manually, fake the cpu flag aes-ni and it should crash when using aes acceleration, because the cpu doesn't support it. https://romanrm.net/force-enable-openssl-aes-ni-usage Lukas
