SSL / Encryption App
SSL (HTTPS) and file encryption/decryption can be offloaded to a processor’s
AES-NI extension. This can both speed up these operations while lowering
processing overhead. This requires a processor with the AES-NI instruction set.
Here are some examples how to check if your CPU / environment supports the
AES-NI extension:
- For each CPU core present: grep flags /proc/cpuinfo or as a summary for
all cores: grep -m 1 ^flags /proc/cpuinfo If the result contains any
aes, the extension is present.
- Search eg. on the Intel web if the processor used supports the extension
Intel Processor Feature Filter You may set a filter by
"AES New Instructions" to get a reduced result set.
- For versions of openssl >= 1.0.1, AES-NI does not work via an engine and
will not show up in the openssl engine command. It is active by default
on the supported hardware. You can check the openssl version via openssl
version -a
- If your processor supports AES-NI but it does not show up eg via grep or
coreinfo, it is maybe disabled in the BIOS.
- If your environment runs virtualized, check the virtualization vendor for
support.