trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Thompson <da...@oath.com>
Subject Re: Openssl 1.1.0f Support
Date Wed, 20 Sep 2017 16:26:34 GMT
July 2016, I was evaluating the async Quick Assist in the context of ATS,
and came away with the opinion it's value comes into play with a much
simpler application.   It's effectively it's own async engine, long jumping
across the stack, and doesn't play well or add  value to ATS's more
extensive model to do similar.... not to mention mutually exclusive in
their current forms.

Dave


On Wed, Sep 20, 2017 at 10:08 AM, Alan Carroll <solidwallofcode@oath.com>
wrote:

> Susan and Dave Thompson were working on something related to that, "crypto
> proxy". There's a small mention of it by Susan at the Fall 2016 summit in
> the TLS state slides (https://cwiki.apache.org/confluence/display/TS/
> Presentations+-+2016). I'd start there and see if you can bug Susan or
> Good Dave*. Although that work was designed to use an off box crypto
> engine, the implementation from the ATS point of view is identical to what
> you're writing about. Susan will be at the Fall 2017 Summit, I'd look her
> up then as well.
>
> * To distinguish from "Evil Dave" Carlin.
>
> On Wed, Sep 20, 2017 at 9:44 AM, Jeremy Payne <jp557198@gmail.com> wrote:
>
>> Thanks guys.. Thats all I needed to know.. Now I can look closer at my
>> end. Will let you know what I find.
>>
>> Also, any plans on supporting openssl async, which then allows for
>> taking full advantage of the Intel QAT engine?
>> Understood patches/commits are welcome, but just figured there may be
>> some behind the scene works already started.
>>
>> Thanks!
>>
>> On Tue, Sep 19, 2017 at 6:31 PM, Alan Carroll <solidwallofcode@oath.com>
>> wrote:
>> > Susan has also run some performance tests with 7.1.x and openSSL 1.1 vs.
>> > openSSL 1.0.2.
>> >
>> > On Tue, Sep 19, 2017 at 5:55 PM, Leif Hedstrom <zwoop@apache.org>
>> wrote:
>> >>
>> >>
>> >> On Sep 19, 2017, at 2:20 PM, Jeremy Payne <jp557198@gmail.com> wrote:
>> >>
>> >> I can link ATS 7.x and 8.x against openssl 1.1.0f, however, for some
>> >> reason I can't establish a SSL/TLS connection.  Has anyone
>> >> successfully linked ATS against openssl 1.1.0f  and successfully been
>> >> able to establish a SSL/TLS session?
>> >> In other words, is openssl 1.1.0f supported by ATS? If not, what about
>> >> an earlier version of 1.1.0(x)??
>> >>
>> >>
>> >>
>> >> Yeh, we’re running current master with OpenSSL v1.1.0f on
>> >> docs.trafficserver.apache.org. Maybe you have some mismatch / issues
>> between
>> >> headers (when compiling ATS) and runtime?
>> >>
>> >> Cheers,
>> >>
>> >> — Leif
>> >>
>> >
>>
>
>

Mime
View raw message