TLS acceleration (formerly known as SSL acceleration) is a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) to a hardware accelerator. Typically this means having a separate card that plugs into a PCI slot in a computer that contains one or more coprocessors able to handle much of the SSL processing. TLS accelerators may use off-the-shelf CPUs, but most use custom

ASIC An application-specific integrated circuit (ASIC ) is an integrated circuit (IC) chip customized for a particular use, rather than intended for general-purpose use, such as a chip designed to run in a digital voice recorder or a high-efficien ...

and

RISC In computer engineering, a reduced instruction set computer (RISC) is a computer designed to simplify the individual instructions given to the computer to accomplish tasks. Compared to the instructions given to a complex instruction set comput ...

chips to do most of the difficult computational work.

Principle of TLS acceleration operation

The most computationally expensive part of a TLS session is the TLS handshake, where the TLS server (usually a webserver) and the TLS client (usually a web browser) agree on a number of parameters that establish the security of the connection. During the TLS handshake the server and the client establish session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the TLS handshake messages itself is done using asymmetric keys, which requires more computational power than the symmetric cryptography used for the encryption/decryption of the session data. Typically a hardware TLS accelerator will offload processing of the TLS handshake while leaving it to the server software to process the less intense

symmetric cryptography Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between th ...

of the actual TLS data exchange, but some accelerators handle all TLS operations and terminate the TLS connection, thus leaving the server seeing only decrypted connections. Sometimes data centers employ dedicated servers for TLS acceleration in a reverse proxy configuration.

Central processor support

Modern x86 CPUs support Advanced Encryption Standard (AES) encoding and decoding in hardware, using the AES instruction set proposed by Intel in March 2008. Allwinner Technology provides a hardware cryptographic accelerator in its A10, A20, A30 and A80 ARM system-on-chip series, and all ARM CPUs have acceleration in the later ARMv8 architecture. The accelerator provides the

RSA RSA may refer to: Organizations Academia and education * Rabbinical Seminary of America, a yeshiva in New York City *Regional Science Association International (formerly the Regional Science Association), a US-based learned society *Renaissance S ...

public-key algorithm, several widely used

symmetric-key algorithm Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between th ...

s, cryptographic hash functions, and a cryptographically secure pseudo-random number generator.[PATCH v5] crypto: Add Allwinner Security System crypto accelerator
on Linux ARM kernel mailing list

References

External links

SSL Acceleration and Offloading: What Are the Security Implications?
{{Hardware acceleration Hardware acceleration Computer optimization Cryptographic hardware Transport Layer Security

Principle of TLS acceleration operation

Central processor support

See also

References

External links