OpenSSL 1.1.0 to support QuickAssist and other optimizations

2
Intel Quick Assist Adapter 8950
Intel Quick Assist Adapter 8950

Ever since we had the first Intel Rangeley platform (C2758) we have been awaiting a killer application with wide adoption for QuickAssist. When Rangeley arrived, there were very few applications that did take advantage of the technology. We have heard rumblings that QuickAssist was going to move from a niche feature to mainstream in future generations of Intel processors. Nothing confirmed, but we have seen other vendors start to offer similar functionality. We finally have (official) confirmation that Intel QuickAssist technology is going to be supported in OpenSSL 1.1.0.

Here is a tweet this week from Rich Salz from Akamai and the OpenSSL foundation:

We are still not allowed to share some other rumor/ information we have. Suffice to say, we expect OpenSSL 1.1.0 to have not just Intel QickAssist Technology supported but also major performance improvements for other vendor’s acceleration technologies as well.

Why QuickAssist with OpenSSL matter?

There has been a major push for encryption over the past few years, and that push has only intensified. OpenSSL is perhaps the most widely used encryption technology on the web today. For example, when the Heartbleed OpenSSL vulnerability came out, it caused widespread panic simply because of how prevalent OpenSSL is. As we move to HTTP/2 we are going to see a continued push towards more web service encryption. The STH main site is scheduled to move to a HTTPS URL when we move to HTTP/2. The forums are already using HTTPS and will continue to do so when we move from SPDY to HTTP/2 there.

Intel Quick Assist Adapter 8950
Intel Quick Assist Adapter 8950

We currently have two of the Intel QuickAssist Adapter 8950 cards in the STH labs and have been using a patched version of OpenSSL. From our initial testing, the performance improvement is quite dramatic. The guide for patching older OpenSSL versions and popular applications for asynchronous OpenSSL is a bit long. Having out-of-the-box support will mean a much easier path to speed-ups. Furthermore, others have reported that we will see the QAT engine onboard future Intel platforms. Given Intel’s market share, that will make SSL encryption a significantly lower burden on future servers.

As we see OpenSSL 1.1.0 move from beta to final, we are excited for the performance gains we are already seeing.

2 COMMENTS

  1. does that mean that qucikassist on xeon-d or e5v3/v4 would be supported with that openssl version?

LEAVE A REPLY

Please enter your comment!
Please enter your name here