 | This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "TLS acceleration" – news ·newspapers ·books ·scholar ·JSTOR(July 2023) (Learn how and when to remove this message) |
TLS acceleration (formerly known asSSL acceleration) is a method of offloading processor-intensivepublic-key encryption forTransport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL)[1] to a hardware accelerator.
Typically this means having a separate card that plugs into aPCI slot in a computer that contains one or morecoprocessors able to handle much of the SSL processing.
TLS accelerators may use off-the-shelfCPUs, but most use customASIC andRISC chips to do most of the difficult computational work.
The most computationally expensive part of a TLS session is the TLS handshake, where the TLS server (usually a webserver) and the TLS client (usually a web browser) agree on a number of parameters that establish the security of the connection. During the TLS handshake the server and the client establish session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the TLS handshake messages itself is done using asymmetric keys, which requires more computational power than the symmetric cryptography used for the encryption/decryption of the session data.
Typically a hardware TLS accelerator will offload processing of the TLS handshake while leaving it to the server software to process the less intensesymmetric cryptography of the actual TLSdata exchange, but some accelerators handle all TLS operations and terminate the TLS connection, thus leaving the server seeing only decrypted connections. Sometimes data centers employ dedicated servers for TLS acceleration in areverse proxy configuration.
Modernx86 CPUs supportAdvanced Encryption Standard (AES) encoding and decoding in hardware, using theAES instruction set proposed by Intel in March 2008.
Allwinner Technology provides a hardware cryptographic accelerator in its A10, A20, A30 and A80ARMsystem-on-chip series, and all ARM CPUs have acceleration in the later ARMv8 architecture. The accelerator provides theRSA public-key algorithm, several widely usedsymmetric-key algorithms,cryptographic hash functions, and a cryptographically securepseudo-random number generator.[2]