On 10/28/21 7:34 AM, Shawn Heisey wrote:
Does haproxy's use of openssl turn on the same option that the commandline does with the -evp argument? If it does, then I think everything is probably OK.
Running "grep -r EVP ." in the haproxy source tree turns up a lot of hits in the TLS/SSL code. So I think that haproxy is most likely using EVP, and since I am running haproxy on bare metal and not in a VM (which might mask the aes CPU flag), it probably is using acceleration. Just in case, I did add the openssl bitmap environment variable (the one with + instead of ~) to my haproxy systemd unit.
Thanks, Shawn
