SSL acceleration
Encyclopedia
SSL acceleration is a method of offloading the processor-intensive public key encryption algorithms involved in SSL
transactions to a hardware accelerator.
Typically this means having a separate card that plugs into a PCI slot in a computer that contains one or more co-processors
able to handle much of the SSL processing.
SSL accelerators may use off the shelf CPUs, but most use custom ASIC
s and RISC chips to do most of the difficult computational work.
Part of the role of the SSL handshake is to agree on session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the SSL handshake messages itself is done using asymmetric keys (contained in the certificates), which requires more computational power than the symmetric cryptography used for the encryption/decryption of the session data.
Typically a hardware SSL accelerator will offload processing of the SSL handshake while leaving the server software to process the less intense symmetric cryptography of the actual SSL data exchange, but some accelerators act as a proxy handling all SSL operations and leaving the server seeing only unencrypted connections.
Because TLS
is essentially an updated form of SSL, TLS session acceleration is essentially the same thing as SSL acceleration.
As stated in the RFC, "the differences between this protocol and SSL 3 are not dramatic, but they are significant enough that TLS 1 and SSL 3 do not interoperate." TLS 1 does include a means by which a TLS implementation can downgrade the connection to SSL 3.
The current version of TLS (1.2) was defined in RFC 5246 in August 2008. It is based on the earlier TLS 1.1 specification.
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
transactions to a hardware accelerator.
Typically this means having a separate card that plugs into a PCI slot in a computer that contains one or more co-processors
Coprocessor
A coprocessor is a computer processor used to supplement the functions of the primary processor . Operations performed by the coprocessor may be floating point arithmetic, graphics, signal processing, string processing, or encryption. By offloading processor-intensive tasks from the main processor,...
able to handle much of the SSL processing.
SSL accelerators may use off the shelf CPUs, but most use custom ASIC
ASIC
ASIC may refer to:* Application-specific integrated circuit, an integrated circuit developed for a particular use, as opposed to a customised general-purpose device.* ASIC programming language, a dialect of BASIC...
s and RISC chips to do most of the difficult computational work.
How it works
The most computationally expensive part of an SSL session is the SSL handshake, where the SSL server (usually an SSL webserver) and the SSL client (usually a web browser) agree on a number of parameters that establish the security of the connection.Part of the role of the SSL handshake is to agree on session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the SSL handshake messages itself is done using asymmetric keys (contained in the certificates), which requires more computational power than the symmetric cryptography used for the encryption/decryption of the session data.
Typically a hardware SSL accelerator will offload processing of the SSL handshake while leaving the server software to process the less intense symmetric cryptography of the actual SSL data exchange, but some accelerators act as a proxy handling all SSL operations and leaving the server seeing only unencrypted connections.
Because TLS
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
is essentially an updated form of SSL, TLS session acceleration is essentially the same thing as SSL acceleration.
TLS & SSL
TLS 1 was first defined in RFC 2246 in January 1999 as an upgrade to SSL Version 3.As stated in the RFC, "the differences between this protocol and SSL 3 are not dramatic, but they are significant enough that TLS 1 and SSL 3 do not interoperate." TLS 1 does include a means by which a TLS implementation can downgrade the connection to SSL 3.
The current version of TLS (1.2) was defined in RFC 5246 in August 2008. It is based on the earlier TLS 1.1 specification.
Vendors
- A10 NetworksA10 NetworksA10 Networks is a privately held company specializing in the manufacture of application delivery controllers . Founded in 2004 by Lee Chen, co-founder of Foundry Networks, A10 originally serviced just the identity management market with its line of ID Series products...
- Barracuda NetworksBarracuda NetworksBarracuda Networks, Inc. is a privately held company providing security, networking and storage solutions based on appliances and cloud services. The company’s security products include solutions for protection against email, web surfing, web hackers and instant messaging threats such as spam,...
- Array NetworksArray NetworksFounded in 2000, and headquartered in Silicon Valley, California, Array Networks is a global technology company that addresses problems related to securely delivering enterprise applications to end users....
- CAI NetworksCAI NetworksCAI Networks, Inc. is a privately held company providing network products for e-commerce, government, and IT industries. It was established in 1998 and since January 2000 is based in Santa Ana, California. It has engineering offices in the USA, UK, Taiwan, and China. It has thousands customers in...
- Cavium NetworksCavium NetworksCavium is a San Jose, California-based company specializing in ARM-based and MIPS-based network, video and security processors. Cavium offers processor and board level products targeting routers, switches, appliances, storage and servers.-Major acquisitions::...
- Cisco SystemsCisco SystemsCisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, United States, that designs and sells consumer electronics, networking, voice, and communications technology and services. Cisco has more than 70,000 employees and annual revenue of US$...
- Citrix SystemsCitrix SystemsCitrix Systems, Inc. is a multinational corporation founded in 1989, that provides server and desktop virtualization, networking, software-as-a-service , and cloud computing technologies, including Xen open source products....
- CotendoCotendoCotendo, Inc. is a content delivery networkand an application delivery networkservice provider. The company's headquarters are in Sunnyvale, California, with research and development based in Netanya, Israel.- Mobile Acceleration Suite :...
- Coyote point systemsCoyote Point SystemsCoyote Point Systems is a manufacturer of computer networking equipment for application traffic management, also known as server load balancing....
- Crescendo NetworksCrescendo NetworksCrescendo Networks, Ltd. was a privately held computer networking company headquartered in Sunnyvale, California with regional offices in EMEA and APAC...
- ExindaExindaExinda is a United States technology company that provides computer networking products and services. Headquartered in Andover, Massachusetts, Exinda delivers WAN optimization and network bandwidth management solutions to small and medium-sized enterprises....
- F5 NetworksF5 NetworksF5 Networks, Inc. is a networking appliances company. It is headquartered in Seattle, Washington and has development and marketing offices worldwide. It originally manufactured and sold some of the very first load balancing products...
- Foundry NetworksFoundry NetworksFoundry Networks, Inc. was a networking hardware vendor selling high-end Ethernet switches and routers. The company was founded in 1996 by Bobby R. Johnson, Jr. and was headquartered in Santa Clara, California, USA...
- Freescale SemiconductorFreescale SemiconductorFreescale Semiconductor, Inc. is a producer and designer of embedded hardware, with 17 billion semiconductor chips in use around the world. The company focuses on the automotive, consumer, industrial and networking markets with its product portfolio including microprocessors, microcontrollers,...
- HifnHifnHifn is a semiconductor manufacturer founded in 1996 as a spin-off from Stac Electronics. The company is headquartered in Los Gatos, California, and has offices in North America, Europe and Asia. It is active in the market of security processors...
- IBMIBMInternational Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
- Juniper NetworksJuniper NetworksJuniper Networks is an information technology and computer networking products multinational company, founded in 1996. It is head quartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services...
- Nortel Networks
- RadwareRadwareRadware , is a provider of integrated Application delivery, Network Security and Load balancing solutions based in Tel Aviv, Israel. Radware, which is a member of the Rad Group of companies, is a public company and its shares are traded on NASDAQ.- History :...
- Riverbed TechnologyRiverbed TechnologyRiverbed Technology is a technology company that specializes in improving the performance of networks and networked applications. It was founded May 23, 2002 by Jerry Kennelly and Steve McCanne in San Francisco, California where its world headquarters remains...
- Strangeloop NetworksStrangeloop NetworksStrangeloop Networks Inc is a company that develops front-end website optimization technology. The company's flagship product is the Strangeloop Site Optimizer, technology that automatically streamlines web page HTML code and resources, allowing pages to render faster at the user's browser level...
- Sun MicrosystemsSun MicrosystemsSun Microsystems, Inc. was a company that sold :computers, computer components, :computer software, and :information technology services. Sun was founded on February 24, 1982...
See also
Related technologies- Co-ProcessorCoprocessorA coprocessor is a computer processor used to supplement the functions of the primary processor . Operations performed by the coprocessor may be floating point arithmetic, graphics, signal processing, string processing, or encryption. By offloading processor-intensive tasks from the main processor,...
- Public-key cryptography
- SSLTransport Layer SecurityTransport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
- StunnelStunnelStunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service.Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems , including most...