Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

haproxy 1.5 supports SSL, and some people do use it as a frontend now.

A single core process won't be able to keep up with SSL handshakes though, since one core can only do around 500 RSA 2048-bit sign/s. Session resumption will help a lot, but I would still want to distribute RSA operations over multiple cores.



haproxy has had multiple process support for quite some time.

... It does introduce some unique side effects but it's possible

also aesni should increase your ssl handshakes (if the cpu supports it)


> also aesni should increase your ssl handshakes (if the cpu supports it)

SSL handshakes are primarily dependent on asymmetric key negotiation (i.e, RSA), which isn't accelerated by AESNI.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: