Pattern Details
CATEGORY
Security
CREATED BY
UPDATED AT
April 04, 2024
VERSION
1.0
Accelerated mTLS handshake for Envoy data planes
MESHERY4421
What this pattern does:
Envoy uses BoringSSL as its default TLS library. BoringSSL supports setting private key methods for offloading asynchronous private key operations, and Envoy implements a private key provider framework so that Envoy extensions can handle the private key operations of a TLS handshake (signing and decryption) through the BoringSSL hooks.
The CryptoMB private key provider is an Envoy extension that handles BoringSSL TLS RSA operations using Intel AVX-512 multi-buffer acceleration. When a new handshake happens, BoringSSL invokes the private key provider to request the cryptographic operation, and control then returns to Envoy. The RSA requests are gathered in a buffer. When the buffer is full or the timer expires, the private key provider invokes Intel AVX-512 processing of the buffer. When processing is done, Envoy is notified that the cryptographic operation has completed and that it may continue with the handshakes.
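The following Envoy configuration fragment is an added example, not part of the original pattern. It shows how a listener's TLS context hands its RSA private key to the CryptoMB provider, with `poll_delay` acting as the timer described above. The file paths and the delay value are assumptions chosen for illustration.

```yaml
# Constructed fragment of an Envoy listener filter chain.
# Certificate and key paths are placeholders, not values from the pattern.
transport_socket:
  name: envoy.transport_sockets.tls
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
    common_tls_context:
      tls_certificates:
      - certificate_chain:
          filename: /etc/envoy/certs/cert.pem
        # The private key is given to the provider instead of the usual
        # private_key field, so BoringSSL calls the provider hooks for
        # signing and decryption during the handshake.
        private_key_provider:
          provider_name: cryptomb
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.private_key_providers.cryptomb.v3alpha.CryptoMbPrivateKeyMethodConfig
            # Must be an RSA key: only RSA operations are batched.
            private_key:
              filename: /etc/envoy/certs/key.pem
            # Upper bound on how long a queued request waits for the
            # buffer to fill before the batch is processed anyway.
            # Longer delays fill batches better under load but add
            # handshake latency when traffic is light (assumed value).
            poll_delay: 0.002s
```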
Caveats and Considerations:
test
Compatibility: