- Tengine SSL/TLS asynchronous mode
Description
Provide information about how to enable SSL/TLS asynchronous in Tengine.
- SSL/TLS asynchronous mode is provided by OpenSSL 1.1.0+ version.
Compilation
Build Tengine with configuration item '--with-http_ssl_module' and '--with-openssl-async'.
Directives
Syntax: ssl_async on | off;
Default: ssl_async off;
Context: http, server
Enables SSL/TLS asynchronous mode for the given virtual server.
Example
file: conf/nginx.conf
http { |
OR
http { |
Note
To demostrate the asynchronous mode of SSL/TLS, it needs an asynchronous enabled
engine support. As a reference implementation, OpenSSL 1.1.0+ version provides
an 'dasync' engine which support the asynchronous working flow.
'dasync' engine will be built as a shared library 'dasync.so' in engines/
Please use below reference openssl.cnf file to enable it for RSA offloading.
openssl_conf = openssl_def |
For more details information, please refer to https://www.openssl.org.
Offload SSL
Tengine used ssl_async QAT offload SSL computationally intensive, could make double's ability to handle the HTTPS, more detailed reference Tengine offload SSL document.