We have been awaiting OpenSSL 1.1 for some time. It is the first version of OpenSSL that will support Intel QuickAssist Technology QAT out-of-the-box. On platforms such as the Cavium ThunderX we saw significant performance gains using the OpenSSL 1.1 beta. Suffice to say, ever since Rangeley’s release in September 2013, with its integrated QAT engine, this is the release we have been waiting for.
As of today, August 25, 2016 OpenSSL 1.1 is now available at the project’s download page. We will be providing some updated benchmark figures soon based on the new version.
If you look at Intel’s solution brief on OpenSSL with QAT acceleration, one can see that asynchronous performance is greatly improved with QAT.
Intel did send us some Quick Assist cards and let us know that we should pair them with multiple 40GbE adapters and high-end CPUs for the QAT machines and load generation nodes. We also ended up installing new 40GbE switches into the STH lab to handle the load from this and other machines we are testing. Suffice to say, the expected speed increases are significant. More on this testing soon.
OpenSSL is a widely used technology to encrypt web traffic. It is common for web servers and proxy servers to perform OpenSSL termination. Being able to accelerate performance of HTTPS and HTTP/2 connections is something that we are excited about as we look to transition the STH main site to HTTPS over the coming months.
More to come in the next few weeks. We will likely setup a machine or a set of machines in the DemoEval lab to test OpenSSL 1.1 for those interested. These technologies are not inexpensive to test but the performance impact is expected to be large hence why we will likely setup a dedicated demo in the near future.
The official change log can be found here.