TLS acceleration

Sun Microsystems SSL accelerator PCI card introduced in 2002

TLS acceleration (formerly known as SSL acceleration) is a method of offloading processor-intensive

public-key encryption for Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL)^[1]

to a hardware accelerator.

Typically this means having a separate card that plugs into a

PCI slot in a computer that contains one or more coprocessors

able to handle much of the SSL processing.

TLS accelerators may use off-the-shelf

RISC

chips to do most of the difficult computational work.

Principle of TLS acceleration operation

The most computationally expensive part of a TLS session is the TLS handshake, where the TLS server (usually a webserver) and the TLS client (usually a web browser) agree on a number of parameters that establish the security of the connection. During the TLS handshake the server and the client establish session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the TLS handshake messages itself is done using asymmetric keys, which requires more computational power than the symmetric cryptography used for the encryption/decryption of the session data.

Typically a hardware TLS accelerator will offload processing of the TLS handshake while leaving it to the server software to process the less intense

symmetric cryptography of the actual TLS data exchange, but some accelerators handle all TLS operations and terminate the TLS connection, thus leaving the server seeing only decrypted connections. Sometimes data centers employ dedicated servers for TLS acceleration in a reverse proxy

configuration.

Central processor support

Modern x86 CPUs support Advanced Encryption Standard (AES) encoding and decoding in hardware, using the AES instruction set proposed by Intel in March 2008.

pseudo-random number generator.^[2]

References

ISBN 978-1-284-23004-8
.

^ [PATCH v5] crypto: Add Allwinner Security System crypto accelerator on Linux ARM kernel mailing list

External links

SSL Acceleration and Offloading: What Are the Security Implications?

Theory

Universal Turing machine

Parallel computing

Distributed computing

Applications

GPU
GPGPU

DirectX

Audio

Digital signal processing

Hardware random number generation

Neural processing unit

Cryptography
TLS

Machine vision

Custom hardware attack
scrypt

Networking

Data

Implementations

High-level synthesis
C to HDL

FPGA

ASIC

CPLD

System on a chip
Network on a chip

Architectures

Dataflow

Transport triggered

Multicore

Manycore

Heterogeneous

In-memory computing

Systolic array

Neuromorphic

Related

Programmable logic

Processor
design

chronology

Digital electronics

Virtualization
Hardware emulation

Logic synthesis

Embedded systems

Retrieved from "https://en.wikipedia.org/w/index.php?title=TLS_acceleration&oldid=1283301905"

[1] ISBN 978-1-284-23004-8
.

[2] [PATCH v5] crypto: Add Allwinner Security System crypto accelerator on Linux ARM kernel mailing list

[1]

[2]

Principle of TLS acceleration operation

Central processor support

See also

References

External links