Re: Dealing with SSL processing via hardware
- From: Dennis Landi <dennis@xxxxxxxxxxxxxxx>
- Date: Thu, 04 May 2006 10:04:00 -0400
Henrick Hellström [StreamSec] wrote:
> Dennis Landi wrote:
>> Is there any way for an external client to know how the SSL processing is occurring on the server (whether via software or hardware)?
>
> That probably depends on the hardware.
>
> * If the "hardware" is basically just a single CPU computer with Linux and OpenSSL installed on ROM wrapped in a sealed box, then I would suppose you could emulate the exact same performance characteristics by adding another CPU to your main server computer and only using that CPU for running the same SSL and socket software you would have inside the sealed box. IOW the answer would be "no".

Well, that's interesting. Given your own tools, would it be possible for you to provide the equivalent of a "single CPU computer with Linux and OpenSSL installed on ROM wrapped in a sealed box"? If you like we can follow up on that in 3rd Party tools.

> * If the hardware is "proper hardware" meaning parallel dedicated chips for each supported algorithm (RSA, SHA-1, MD5, AES, DES etc) and multiple CPUs for SSL protocol processing, then I would assume you can write an external client that is able to spot it using statistical analysis of rather modest amounts of data. That external client would simply test if a second (or third or fourth etc, depending on the number of CPUs on the server) request using a separate socket, connecting immediately after the SSL handshake of the first connections finished, would slow down a first request. If it doesn't on average slow down the response to the first request, then the server is most likely using a SSL accelerator. Otherwise the server is most likely not using a SSL accelerator.

Ok, and let's say there were weaknesses in the algorithms of these chips. How much of this can be fixed via firmware updates? Obviously it depends on the vendor and how much depends on firmware; but to your knowledge does firmware play a significant role at all?
-d
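
The statistical comparison described in the quoted reply, as an added example that is not part of the original thread: a one-sided permutation test on response times of a first request measured alone versus with an overlapping handshake on a second socket. The latency values are constructed, and the function names and the 0.01 threshold are assumptions chosen for illustration.

```python
import random

# Constructed response times (ms) for the first request with no other connection.
SOLO = [41.0, 43.0, 40.0, 44.0, 42.0, 39.0, 45.0, 41.0, 43.0, 42.0, 40.0, 44.0]
# Constructed: same request while a second socket performs its handshake,
# on a host where SSL work competes for the same CPU.
CONTENDED_SOFTWARE = [55.0, 58.0, 53.0, 57.0, 56.0, 54.0, 59.0, 55.0, 57.0, 56.0, 54.0, 58.0]
# Constructed: same measurement where the handshake work is offloaded.
CONTENDED_OFFLOAD = [42.5, 40.0, 44.0, 41.5, 43.0, 45.0, 39.5, 42.0, 41.0, 43.5, 44.0, 40.0]


def mean(values):
    return sum(values) / len(values)


def slowdown_p_value(solo, contended, rounds=5000, seed=1):
    """One-sided permutation test.

    Returns the estimated probability of seeing a mean slowdown at least as
    large as the observed one if the second connection had no effect at all.
    """
    rng = random.Random(seed)          # fixed seed keeps the result repeatable
    observed = mean(contended) - mean(solo)
    pooled = list(solo) + list(contended)
    n = len(solo)
    hits = 0
    for _ in range(rounds):
        rng.shuffle(pooled)            # relabel samples at random
        if mean(pooled[n:]) - mean(pooled[:n]) >= observed:
            hits += 1
    return (hits + 1) / (rounds + 1)   # add-one correction avoids p == 0


def classify(solo, contended, alpha=0.01):
    """Rule from the quoted reply: no average slowdown suggests an accelerator."""
    if slowdown_p_value(solo, contended) < alpha:
        return "likely software SSL"
    return "likely SSL accelerator"


if __name__ == "__main__":
    print(classify(SOLO, CONTENDED_SOFTWARE))
    print(classify(SOLO, CONTENDED_OFFLOAD))
```

Real measurements carry network jitter, so the samples on both sides should be interleaved in time and far more numerous than the twelve used here.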