RHEL 7 HAProxy 1.5.x and custom openssl engines

Comments 1

Hi,

I was wondering if there is an option, like in apache mod_ssl 'SSLCryptoDevice engine' to change the default cryptoengine to use Hardware Security Modules (for example Thales/nCipher chill engine)? I know that HAProxy uses openssl as a encryption/SSL/TLS layer, so it might be very useful.

Krzysztof

Started 2014-09-02T07:34:52+00:00 by

Krzysztof Mazurek

Active Contributor 354 points

Responses

Red Hat Expert 855 points

29 October 2014 7:14 PM

Michele Baldessari

Hi Krzysztof,

no currently haproxy on RHEL 7.0 does not support OpenSSL engine offloading. Such support has never made its way upstream, even though some discussions took place. Mostly due to the fact that with today's CPUs and with general size of the request the performance benefits were too small.

regards,
Michele

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

RHEL 7 HAProxy 1.5.x and custom openssl engines

Responses