SSL acceleration
SSL acceleration is a method of offloading the processor-intensive public key encryption algorithms involved in SSL transactions to a hardware accelerator.

Typically this means a separate card, plugged into a PCI slot in a computer, that contains one or more co-processors able to handle much of the SSL processing.

SSL accelerators may use off-the-shelf CPUs, but most use custom ASICs and RISC chips to do most of the difficult computational work.

How it works

The most computationally expensive part of an SSL session is the SSL handshake, where the SSL server (usually an SSL webserver) and the SSL client (usually a web browser) agree on a number of parameters that establish the security of the connection.

Part of the role of the SSL handshake is to agree on session keys (symmetric keys, used for the duration of a given session), but the encryption and signing of the SSL handshake messages themselves are done using asymmetric keys (contained in the certificates), which require more computational power than the symmetric cryptography used to encrypt and decrypt the session data.

Typically a hardware SSL accelerator will offload processing of the SSL handshake while leaving the server software to process the less intense symmetric cryptography of the actual SSL data exchange, but some accelerators act as a proxy handling all SSL operations and leaving the server seeing only unencrypted connections.
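
The cost gap described above can be measured with the Python standard library alone; this is an added illustration, not part of the original article. Assumptions: the key is a constructed, insecure toy built from public Mersenne primes, textbook RSA (no padding) stands in for the handshake's private-key step, and HMAC-SHA256 over one 16 KB record stands in for the symmetric work on session data.

```python
import hashlib
import hmac
import os
import time

# Constructed toy key, for timing only: p and q are the public Mersenne
# primes 2**607-1 and 2**1279-1, so this ~1886-bit key is NOT secure.
P, Q, E = 2**607 - 1, 2**1279 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def rsa_private_op(ciphertext: int) -> int:
    """Server-side private-key step of the handshake (textbook RSA, no padding)."""
    return pow(ciphertext, D, N)


def record_mac(key: bytes, record: bytes) -> bytes:
    """Symmetric per-record work; HMAC-SHA256 stands in since stdlib has no AES."""
    return hmac.new(key, record, hashlib.sha256).digest()


def time_per_call(fn, *args, repeat: int = 20) -> float:
    """Average wall-clock seconds per call of fn(*args)."""
    start = time.perf_counter()
    for _ in range(repeat):
        fn(*args)
    return (time.perf_counter() - start) / repeat


def compare() -> dict:
    """Time one handshake-style private-key op against one data record."""
    premaster = int.from_bytes(os.urandom(48), "big")  # 48-byte secret
    wrapped = pow(premaster, E, N)                     # client: public-key op
    if rsa_private_op(wrapped) != premaster:
        raise ValueError("RSA round trip failed")
    key, record = os.urandom(32), os.urandom(16384)    # one 16 KB record
    return {
        "public_op": time_per_call(pow, premaster, E, N),
        "private_op": time_per_call(rsa_private_op, wrapped),
        "record_mac": time_per_call(record_mac, key, record, repeat=200),
    }


if __name__ == "__main__":
    for name, seconds in compare().items():
        print(f"{name:11s} {seconds * 1e6:10.1f} us per call")
```

The private-key operation is the per-connection cost a handshake-offload card removes from the server CPU; the per-record figure is the work that stays on the server unless the accelerator runs as a full proxy.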

Because TLS is essentially an updated form of SSL, TLS session acceleration is essentially the same thing as SSL acceleration.

TLS & SSL

TLS 1 was first defined in RFC 2246 in January 1999 as an upgrade to SSL Version 3.

As stated in the RFC, "the differences between this protocol and SSL 3 are not dramatic, but they are significant enough that TLS 1 and SSL 3 do not interoperate." TLS 1 does include a means by which a TLS implementation can downgrade the connection to SSL 3.

The current version of TLS (1.2) was defined in RFC 5246 in August 2008. It is based on the earlier TLS 1.1 specification.

Vendors

  • A10 Networks
  • Barracuda Networks
  • Array Networks
  • CAI Networks
  • Cavium Networks
  • Cisco Systems
  • Citrix Systems
  • Cotendo
  • Coyote Point Systems
  • Crescendo Networks
  • Exinda
  • F5 Networks
  • Foundry Networks
  • Freescale Semiconductor
  • Hifn
  • IBM
  • Juniper Networks
  • Nortel Networks
  • Radware
  • Riverbed Technology
  • Strangeloop Networks
  • Sun Microsystems


See also

Related technologies
  • Co-Processor
  • Public-key cryptography
  • SSL
  • Stunnel

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 