Hardware Accelerator Advice

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Nov 10 13:31:19 CET 2011

On Thu, Nov 10, 2011 at 10:09 AM, Kip Warner <kip at thevertigo.com> wrote:
> Hey folks,
> I'd like the advice of anyone who would like to offer some regarding my
> intended usage of GnuTLS.
> I'd like to use it as part of a game server to ensure secure client /
> server authentication during the handshake. During that process, I
> understand that it can be resource intensive on the server when there
> may be hundreds of clients attempting to do the same thing at the same
> time. I know that there is such a thing as SSL hardware accelerator
> cards that can have this computation offloaded to them, but seek
> informed advice from the community for this situation.

In GnuTLS you can use instruction-based optimizations on CPUs like
VIA (with PadLock) or Intel/AMD (with AES-NI), to optimize the
operations on AES and/or SHA. There are also (usually) embedded
systems that provide a kernel driver (/dev/crypto) to access a few
cryptographic algorithms. Both of the above optimize the transfer of
data between client and server. They do not optimize the handshake
procedure. For that you will need something like a hardware
accelerator (or security module) that provides a PKCS #11 interface
(driver) to access operations on RSA (or ECDSA) keys. I cannot suggest
any because I have only tested security modules that didn't really
provide acceleration (they were used for key isolation).

There are, however, other ways to optimize the handshake for your
server. That is using an elliptic curve (ECDSA) key instead of RSA, or
using ephemeral elliptic curve Diffie-Hellman instead of plain
Diffie-Hellman, etc. If you have control over the client and server
application you can configure them to use the ciphersuites that have
the least impact on performance, and make use of session resumption.

> (2) Would one even be appropriate for this situation on the server?

It would if you really expect the server to be busy (in calculations).
It might happen that with configuration tweaks the server remains idle
even without one.

> (3) Can anyone recommend a card compatible with GnuTLS? I believe any
> that implement /dev/crypto, correct? Assume that the server would be
> running GNU/Linux with a relatively recent kernel.

If you're looking for an optimizer of AES (or SHA), I'd suggest
getting a CPU such as the ones described above (Intel/AMD with AES-NI or VIA
with PadLock). If you also need to optimize RSA/ECDSA you'll need a
hardware accelerator with PKCS #11 support. Such a module should work out
of the box because PKCS #11 is pretty simple, but you'd better ask the
provider of the module for compatibility (especially if it is an
expensive one).


More information about the Gnutls-help mailing list