nginx how too enable intel aesni engine
Maxim Dounin
mdounin at mdounin.ru
Thu Mar 10 04:34:07 MSK 2011
Hello!
On Wed, Mar 09, 2011 at 04:14:16PM -0500, michaelvv wrote:
> Hi Maxim.
>
> I have put it into the global session , but i can not see any speed
> difference
> which where huge in openssl.
> Do you know any who have success getting it to work properly.
> I'm missing something but i have googled for 3 hours and i'm
> quite lost.
> Is there any way that i can see which engine nginx are using ?
The missing part is:
In openssl speed tests you see difference on block cipher speed,
while in real life most cpu time is spent on assymetric
algorithms during ssl handshake.
Compare the following results (both are from the same server,
rather old and slow):
$ openssl speed aes-256-cbc
...
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256 cbc 12494.65k 12894.81k 13162.81k 13230.46k 13052.91k
$ openssl speed rsa4096
...
sign verify sign/s verify/s
rsa 4096 bits 0.689448s 0.009975s 1.5 100.3
That is, with AES 256 this server is able to saturate 100 Mbps
link easily. But it is only able to handle about 1.5 handshakes per
second with RSA 4096-bit key (the one with strength comparable to
AES 256).
You may try testing if downloading really big file makes a
difference on cpu usage with and without aesni engine activated,
but you aren't likely to see any difference in real life.
Setting correct ssl_session_cache may be a much more significant
optimization.
Maxim Dounin
More information about the nginx
mailing list