Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using SafeXcel hardware crypto for SSL offloading with HAproxy?

    General pfSense Questions
    2
    2
    249
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      labert
      last edited by

      Hi all,

      I've been using HAProxy on my Netgate 2100 at home to offload SSL in combination with ACME to save me the hassle of managing certificates on each and every device/appliance etc.

      So far it's working great. However the performance has been lackluster, even with only one device accessing for example NextCloud behind HAProxy. Meanwhile the poor little CPU is getting pegged to nearly 100% load.

      Is there anything i can optimize to utilize the SafeXcel crypto hardware and therefore increase throughput? Reading up on the topic OpenSSL seems to be able to make use of SafeXcel, and with HAProxy working with OpenSSL under the hood I thought it could be possible..

      Or am I just expecting too much from an 1.2GHz ARM dual core CPU? Any input would be appreciated 😊

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        I don't believe that's possible. Only kernel mode crypto operations can use SafeXcel, so IPSec or OpenVPN DCO.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.