Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist Technology and Open SL
Intel QuickAssist Technology and OpenSSL - Benchmarks and Setup Tips
We recently had the opportunity to test Intel QuickAssist Technology with OpenSSL 1.1. This is a test we have been waiting for since May 2016 but OpenSSL 1.1 was delayed for several months. In the interim, we have had several QuickAssist 1.6 capable cards in the lab, including those from Intel and Netgate. We will have more benchmarks with more applications in the coming weeks but wanted to provid
The perfect SSL NGINX configuration
Last Updated: 11/10/2017 At Commando.io we make sure we are always on top of any potential security exploits or vulnerabilities. Unfortunately, lately there has been a steady stream of SSL related issues (Heartbleed and POODLE come to mind). Fortunately patching some of the most prominent issues only requires updating a few NGINX directives. We figured we would share our SSL NGINX configuration bl
TLS termination: stunnel, nginx & stud, round 2
A month ago, I published an article on the compared performance of stunnel, nginx and stud as TLS terminators. The conclusion was to use stud on a 64-bit system, with session caching and AES. stunnel was unable to scale properly and nginx exhibited important latency issues. I got constructive comments on many aspects. Therefore, here is the second round. The protagonists are the same but both the
Security/Server Side TLS - MozillaWiki
The ordering of cipher suites in the Old configuration is very important, as it determines the priority with which algorithms are selected. OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the Old configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphe
NginxでリバースプロキシをKeepAliveしたときの性能検証 - Qiita
Nginx + Luaを用いた、ハイパフォーマンスで動的なプロキシサーバを考察中です。 そのための施策の一つとして 上流サーバへのアクセスをKeepAliveする という方法がありますが その際、プロキシサーバにどの程度性能に変化があるのかを調査してみました。 リバースプロキシのkeepalive設定 前提条件として Nginx > 1.1.4 が必要。 upstreamに keepalive というattributeがあるのでそれを設定します。 それと同時に、プロキシヘッダーにHTTP/1.1設定などを行いましょう。 ちなみにproxy_passだけだとkeepaliveできないようです。upstream必須。 あと、もちろんバックエンドサーバ側もkeepalive設定しておきます。 upstream http_backend { server oreore.micro.service;
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
HTTPS設定ファイル生成ツール0.3(ベータ版)
