
Optimizing TLS for High-Bandwidth Applications in FreeBSD [pdf] - wglb
https://people.freebsd.org/~rrs/asiabsd_2015_tls.pdf
======
jvehent
Netflix can serve up to 40Gbps of traffic per server in cleartext HTTP. Their
initial test of adding TLS induced a performance cut of ~3x, which has huge
cost impact to their infrastructure. This is due to sendfile(), a kernel
syscall used by nginx, not being available when data needs to be encrypted by
TLS in userland.

Netflix really needs sendfile() to work with TLS to enable HTTPS on all of its
traffic, so they added some limited crypto support to the BSD kernel. What
that paper really demonstrates is the need for a TLS stack in the kernel that
can let userspace daemons benefit from low-level optimizations. I, for one,
would love to see something like this added to the Linux kernel!

This is great work from Netflix. They could have just said "screw it, it's too
hard/expensive, we'll do HTTP". But instead they listened to a minority of
their users who really care about privacy and dedicated time and resources
to fixing a hard problem. Really impressive work!
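
The two data paths the comment contrasts, as an added illustration that is not part of the thread or of the Netflix/FreeBSD work: the cleartext path hands the file to the socket with sendfile() and the process never touches the bytes, while the userland TLS path must pull every record into user space, transform it and push it back down. The "encryption" here is a labelled XOR placeholder standing in for the TLS record layer, and the sizes and socketpair transport are constructed for the demo.

```python
import os
import socket
import tempfile
import threading

RECORD = 16 * 1024                  # a TLS record carries at most 16 KiB of plaintext
SAMPLE = bytes(range(256)) * 256    # constructed 64 KiB "video chunk"


def toy_encrypt(chunk: bytes) -> bytes:
    """Stand-in for the TLS record layer: a fixed XOR byte (symmetric, so it also
    decrypts). It is NOT a cipher; it only marks where real encryption would run."""
    return bytes(b ^ 0x5A for b in chunk)


def _drain(sock: socket.socket, out: list) -> None:
    """Receive until the peer shuts down its write side."""
    while True:
        data = sock.recv(65536)
        if not data:
            return
        out.append(data)


def serve(payload: bytes, use_tls: bool):
    """Push payload through a socketpair on one of the two data paths.
    Returns (plaintext the peer reconstructed, payload bytes that crossed into user space)."""
    src, sink = socket.socketpair()
    chunks: list = []
    reader = threading.Thread(target=_drain, args=(sink, chunks))
    reader.start()
    user_bytes = 0
    with tempfile.TemporaryFile() as f:
        f.write(payload)
        f.flush()
        if not use_tls:
            # Cleartext HTTP path: sendfile() moves page-cache pages straight to
            # the socket; nothing is copied into a user-space buffer.
            offset, remaining = 0, len(payload)
            while remaining:
                n = os.sendfile(src.fileno(), f.fileno(), offset, remaining)
                offset, remaining = offset + n, remaining - n
        else:
            # Userland TLS path: each record is copied up (read), transformed,
            # and copied back down (send); sendfile() cannot be used.
            f.seek(0)
            for chunk in iter(lambda: f.read(RECORD), b""):
                user_bytes += len(chunk)
                src.sendall(toy_encrypt(chunk))
    src.shutdown(socket.SHUT_WR)
    reader.join()
    src.close()
    sink.close()
    received = b"".join(chunks)
    return (toy_encrypt(received) if use_tls else received), user_bytes
```

Run on Linux or FreeBSD, where os.sendfile() accepts a socket as the output descriptor.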

~~~
userbinator
_What that paper really demonstrates is the need for a TLS stack in the kernel
that can let userspace daemons benefit from low-level optimizations._

On the other hand, vulnerabilities can become more severe, like this recent
one:
[https://news.ycombinator.com/item?id=9380468](https://news.ycombinator.com/item?id=9380468)

Perhaps full TLS in the kernel isn't necessary, but only the stream encryption
- which tends to be the simpler part and thus less likely to have
vulnerabilities compared to session negotiation/key exchange/etc.

It might be a rather expensive option, but what do you think of offloading TLS
to the NIC? A lot of them do TCP offload already and there are "SSL
Accelerator" HSMs available.

~~~
jamiesonbecker
Alternatively, offload TLS to GPUs:
[http://hgpu.org/?p=2472](http://hgpu.org/?p=2472)

~~~
cjg_
The only reason they could do 40 GBps without SSL was kernel zero copy.
Copying it over to the GPU and back will definitely not be faster.

------
shanemhansen
Judging by the few comments here, people seem to be more accepting of moving
TLS into the kernel than they are of Windows moving HTTP into the kernel. Is
this a double standard? They are both protocols implemented on TCP, most often
by userspace programs.

