RE: [squid-users] Problems with H/W SSL acceleration

On Wed, 17 Jun 2009 09:39:16 -0700, "Steven Paster" <SPaster_at_facetime.com>
wrote:
> Thank you for your response.
>
> We will try with a later version of squid. I am, however, greatly
> confused. Does squid support h/w acceleration? Cavium claims it does
> not.

AFAIK we have not explicitly tested or added such to Squid. The
capabilities are fully offloaded to whatever libraries are provided to
Squid at build time.

I would expect that if the Cavium libraries provide the same API as OpenSSL
they can wrap the H/W support in a way usable by Squid.

If special calls are mode its not too hard to patch Squid for this type of
thing.

Amos

>
> Steven Paster
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Tuesday, June 16, 2009 6:11 PM
> To: Steven Paster
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Problems with H/W SSL acceleration
>
> On Tue, 16 Jun 2009 15:30:54 -0700, "Steven Paster"
> <SPaster_at_facetime.com>
> wrote:
>> Hi,
>>
>> We are trying to use a Cavium H/W SSL acceleration card to accelerate
> SSL
>> encryption. The Cavium driver builds and installs without complaint.
>> Cavium supplies an SDK for building libcrypto.a and libssl.a. These
> too
>> built without issue.
>>
>> We compiled Squid 3.1.0.4 statically using the Cavium supplied
> libraries
>> and the configuration options:
> "--with-openssl=<cavium-base-directory>"
>> and " --enable-ssl". (We used ldd to confirm that Squid built
> statically
>> with the correct libraries.) In our squid.conf file we added
> "ssl_engine
>> cavium" as per information provided by Cavium; but, we get the
> message:
>> FATAL Unable to find SSL engine 'cavium'. Cavium has tested with
> Apache
>> but never with Squid.
>
> Please try with current 3.1 or snapshot to be sure this is not already
> fixed.
> We have a few thousand lines of code changed every Squid beta release,
> 3.1.0.4 is now quite old.
>
>>
>> Questions:
>> 1) Does Squid require a patch for SSL crypto h/w acceleration?
>> 2) Are there any Squid settings I need to know about?
>> 3) Has anyone been successful with another h/w card? We are not wedded
> to
>> Cavium.
>>
>>
>> Forgive me if this territory has been covered in the past; I'm new to
>> Squid. Thank you in advance for any help,
>>
>> Steven Paster
>> FaceTime Communications
>
> Amos
> Squid-3 Release Maintainer
Received on Thu Jun 18 2009 - 03:26:46 MDT