2011年3月9日星期三

nginx how too enable intel aesni engine

Hi Nginx.

I have Intel(R) Xeon(R) CPU E5620 based web-server.
I have managed to patch the openssl ver 1.0.0 so i have support for the
AES-NI engine.

openssl engine -t

(aesni) Intel AES-NI engine
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
(4758cca) IBM 4758 CCA hardware engine support
[ unavailable ]
(aep) Aep hardware engine support
[ unavailable ]
(atalla) Atalla hardware engine support
[ unavailable ]
(cswift) CryptoSwift hardware engine support
[ unavailable ]
(chil) CHIL hardware engine support
[ unavailable ]
(nuron) Nuron hardware engine support
[ unavailable ]
(sureware) SureWare hardware engine support
[ unavailable ]
(ubsec) UBSEC hardware engine support
[ unavailable ]
(gost) Reference implementation of GOST engine
[ available ]

openssl speed -engine aesni -evp aes-256-cbc

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-256-cbc 405328.44k 421965.16k 426290.26k 426056.02k
427277.19k

This is 3 times higher performance than without the aes-ni patch.

Under my ssl setup in nginx i have these lines

ssl on;
ssl_certificate /usr/local/nginx/conf/mysite.crt;
ssl_certificate_key /usr/local/nginx/conf/mysite.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3;
#ssl_engine aesni;
ssl_ciphers AES256-SHA:1024:256:HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;

When i enable the line
ssl_engine aesni;

I got an error
[emerg]: unknown directive "ssl_engine" in
/usr/local/nginx/conf/nginx.conf:66

How should i take advance on the aes-ni speedup ????

/Michael

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,181676,181676#msg-181676


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

没有评论:

发表评论