# Hardware en-/decryption of TLSv1 via OpenSSL?



## Anonymous (Nov 6, 2012)

I am developing a service in C on a FreeBSD server which optionally allows TLSv1 communication (via OpenSSL) from/to the clients. My server *test* machine is based on a low profile Intel D510MO (Atom Dual Core 1.67 GHz) board, and some benchmarking showed, that plain traffic is 3 to 4 times faster than TLS traffic from/to a MacBook Pro (2,4 GHz). The request/s rate in TLS mode drops down by a factor of 3. At the same time TLS poses a significant load on the servers processors while plain traffic does almost not seem to affect the processors load.

I am now thinking about the *deployment* machine. Are there any options available for Hardware en-/decryption of TLSv1 via OpenSSL on FreeBSD 9.x? Or, should I just invest in pure processor power (what I am going to do anyway)?

Please let me know your experiences and suggestions.


----------



## SirDice (Nov 7, 2012)

rolfheinrich said:
			
		

> Or, should I just invest in pure processor power (what I am going to do anyway)?


The best of both worlds: aesni(4)

As long as applications use crypto(4)/crypto(9) you should benefit from it.


----------

