nginx how to enable intel aesni engine

michaelvv nginx-forum at nginx.us
Wed Mar 9 20:44:47 MSK 2011


Hi Nginx.

I have Intel(R) Xeon(R) CPU E5620 based web-server.
I have managed to patch the openssl ver 1.0.0 so I have support for the
AES-NI engine.

openssl engine -t

(aesni) Intel AES-NI engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(4758cca) IBM 4758 CCA hardware engine support
     [ unavailable ]
(aep) Aep hardware engine support
     [ unavailable ]
(atalla) Atalla hardware engine support
     [ unavailable ]
(cswift) CryptoSwift hardware engine support
     [ unavailable ]
(chil) CHIL hardware engine support
     [ unavailable ]
(nuron) Nuron hardware engine support
     [ unavailable ]
(sureware) SureWare hardware engine support
     [ unavailable ]
(ubsec) UBSEC hardware engine support
     [ unavailable ]
(gost) Reference implementation of GOST engine
     [ available ]

openssl speed -engine aesni -evp aes-256-cbc

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     405328.44k   421965.16k   426290.26k   426056.02k   427277.19k

This is 3 times higher performance than without the aes-ni patch.

Under my ssl setup in nginx I have these lines

    ssl on;
    ssl_certificate      /usr/local/nginx/conf/mysite.crt;
    ssl_certificate_key  /usr/local/nginx/conf/mysite.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv3;
    #ssl_engine aesni;
    ssl_ciphers AES256-SHA:1024:256:HIGH:!ADH:!MD5;
    ssl_prefer_server_ciphers   on;

When I enable the line
ssl_engine aesni;

I got an error
[emerg]: unknown directive "ssl_engine" in /usr/local/nginx/conf/nginx.conf:66

How should I take advantage of the AES-NI speedup?

/Michael

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,181676,181676#msg-181676
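
An added example, not part of the original post: the nginx documentation lists `ssl_engine` as a main-context directive, so it belongs at the top level of nginx.conf rather than beside the `ssl_*` lines of a server block. The script below checks that the engine is reported as available and where the directive sits; the function names, the trimmed engine listing and both sample configs are constructed for illustration.

```shell
# Added example, not from the original post. Sample data below is constructed.

# engine_available ID: reads `openssl engine -t` output on stdin; succeeds only
# if the "(ID) ..." line is followed by a "[ available ]" status line.
engine_available() {
    awk -v id="($1)" '
        index($0, id) == 1 { seen = 1; next }
        seen && /\[ *available *\]/ { ok = 1; exit }
        seen && /\[/ { exit }            # e.g. "[ unavailable ]"
        END { exit !ok }
    '
}

# ssl_engine_context: reads an nginx config on stdin and prints where an
# active ssl_engine directive sits: main, nested, or absent.
# Simplification: assumes one directive per line, as in the post.
ssl_engine_context() {
    awk '
        { sub(/#.*/, "") }               # ignore comments
        /^[ \t]*ssl_engine[ \t]/ { found = depth ? "nested" : "main" }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
        END { print (found ? found : "absent") }
    '
}

SAMPLE_ENGINES='(aesni) Intel AES-NI engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]'

# Directive beside the ssl_* server directives, as in the post.
CONF_NESTED='http {
    server {
        ssl_certificate /usr/local/nginx/conf/mysite.crt;
        ssl_engine aesni;
    }
}'

# Directive at the top level of nginx.conf (main context).
CONF_MAIN='ssl_engine aesni;
http {
    server {
        ssl_certificate /usr/local/nginx/conf/mysite.crt;
    }
}'

printf '%s\n' "$SAMPLE_ENGINES" | engine_available aesni && echo "aesni: available"
printf '%s\n' "$CONF_NESTED" | ssl_engine_context   # nested
printf '%s\n' "$CONF_MAIN"   | ssl_engine_context   # main
```

Against a live system, pipe `openssl engine -t` into `engine_available aesni` and the real nginx.conf into `ssl_engine_context`, then confirm with `nginx -t`.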
