It is commonplace for web services running on servers to secure connections to client devices over a network. This is typically done by running a Secure Sockets Layer (SSL) stack on a server to establish a secured TCP/IP connection over the network. Popular SSL solutions such as OpenSSL can provide a complete suite of security-related operations including but not limited to, connection establishment and tear down, and payload encryption and authentication, using software solutions. Providing security SSL operations and services in software, however, consumes tremendous amount of CPU processing power on the server.
In some OpenSSL and other SSL implementations, mechanisms are provided for offloading cryptography operations required by the secured connections from the server to an external hardware accelerator. Such mechanisms, however, primarily account for only cryptography operations (e.g., encryption/decryption, authentication) and have not been regarded as beneficial because they require multiple trips between user space of the server and the accelerator across, for example, a Peripheral Component Interconnect (PCI) bus. The CPU savings on the server would be greater if it is possible to offload the entire secure connection processing to a hardware accelerator.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.