Dave, Did you run any comparison performance tests using the QAT engine ? Specifically around these configurations(or similar)
1. ATS + Openssl 1.1.0(x) + QAT engine(sync) 2. ATS + Openssl 1.1.0(x) + standard aes-ni acceleration On Wed, Sep 20, 2017 at 11:26 AM, Dave Thompson <[email protected]> wrote: > July 2016, I was evaluating the async Quick Assist in the context of ATS, > and came away with the opinion it's value comes into play with a much > simpler application. It's effectively it's own async engine, long jumping > across the stack, and doesn't play well or add value to ATS's more > extensive model to do similar.... not to mention mutually exclusive in their > current forms. > > Dave > > > > On Wed, Sep 20, 2017 at 10:08 AM, Alan Carroll <[email protected]> > wrote: >> >> Susan and Dave Thompson were working on something related to that, "crypto >> proxy". There's a small mention of it by Susan at the Fall 2016 summit in >> the TLS state slides >> (https://cwiki.apache.org/confluence/display/TS/Presentations+-+2016). I'd >> start there and see if you can bug Susan or Good Dave*. Although that work >> was designed to use an off box crypto engine, the implementation from the >> ATS point of view is identical to what you're writing about. Susan will be >> at the Fall 2017 Summit, I'd look her up then as well. >> >> * To distinguish from "Evil Dave" Carlin. >> >> On Wed, Sep 20, 2017 at 9:44 AM, Jeremy Payne <[email protected]> wrote: >>> >>> Thanks guys.. Thats all I needed to know.. Now I can look closer at my >>> end. Will let you know what I find. >>> >>> Also, any plans on supporting openssl async, which then allows for >>> taking full advantage of the Intel QAT engine? >>> Understood patches/commits are welcome, but just figured there may be >>> some behind the scene works already started. >>> >>> Thanks! >>> >>> On Tue, Sep 19, 2017 at 6:31 PM, Alan Carroll <[email protected]> >>> wrote: >>> > Susan has also run some performance tests with 7.1.x and openSSL 1.1 >>> > vs. >>> > openSSL 1.0.2. >>> > >>> > On Tue, Sep 19, 2017 at 5:55 PM, Leif Hedstrom <[email protected]> >>> > wrote: >>> >> >>> >> >>> >> On Sep 19, 2017, at 2:20 PM, Jeremy Payne <[email protected]> wrote: >>> >> >>> >> I can link ATS 7.x and 8.x against openssl 1.1.0f, however, for some >>> >> reason I can't establish a SSL/TLS connection. Has anyone >>> >> successfully linked ATS against openssl 1.1.0f and successfully been >>> >> able to establish a SSL/TLS session? >>> >> In other words, is openssl 1.1.0f supported by ATS? If not, what about >>> >> an earlier version of 1.1.0(x)?? >>> >> >>> >> >>> >> >>> >> Yeh, we’re running current master with OpenSSL v1.1.0f on >>> >> docs.trafficserver.apache.org. Maybe you have some mismatch / issues >>> >> between >>> >> headers (when compiling ATS) and runtime? >>> >> >>> >> Cheers, >>> >> >>> >> — Leif >>> >> >>> > >> >> >
