JCloud enables kernel-space TLS offloading / KTLS



Starting from 2021-09-15, all JCloud software will gradually activate kernel-space TLS encryption, KTLS, using the new JLinux OpenSSL version 3.0.0.
Until now, encryption has been done in user-space, using CPU instructions to encrypt the TLS packets. This requires an extra copy buffer, which is not very efficient. With kernel-space TLS, this buffer is no longer needed.
This can increase throughput by around 50% under high utilization and also reduce latency, meaning better performance.
The Linux kernel also has a special sendfile() function which can send the contents of a file entirely without using any buffers. Previously this function could not be used with TLS connections, but now it can.

For web solutions, JHTTP automatically enables KTLS, which in turn enables the functionality on WebCDN, JMail, Apploader and all other web engines.
For non-web solutions, like SMTP, it is also automatically enabled.

Kernel-space TLS offloading may additionally use the underlying physical network interface hardware (NVIDIA/Mellanox etc.), which further improves performance.
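
To check on a Linux host whether KTLS sessions are actually in use, and whether they are encrypted by the kernel in software or offloaded to the network interface, the kernel's counters in /proc/net/tls_stat can be read. The following is an added example, not JCloud code; the sample values are constructed and the function names are illustrative.

```python
# Added example: summarise kernel TLS usage from /proc/net/tls_stat.
from pathlib import Path

# Constructed sample in the layout of /proc/net/tls_stat (values are made up).
SAMPLE = """\
TlsCurrTxSw                     	12
TlsCurrRxSw                     	12
TlsCurrTxDevice                 	3
TlsCurrRxDevice                 	0
TlsTxSw                         	4810
TlsRxSw                         	4807
TlsTxDevice                     	95
TlsRxDevice                     	0
TlsDecryptError                 	2
TlsRxDeviceResync               	0
"""

def parse_tls_stat(text):
    """Return {counter_name: int} from 'Name <whitespace> value' lines."""
    stats = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            stats[parts[0]] = int(parts[1])
    return stats

def summarise(stats):
    """Classify whether open TLS sessions use kernel software or NIC offload."""
    sw = stats.get("TlsCurrTxSw", 0) + stats.get("TlsCurrRxSw", 0)
    dev = stats.get("TlsCurrTxDevice", 0) + stats.get("TlsCurrRxDevice", 0)
    if dev:
        mode = "nic-offload"      # at least one direction handled by the NIC
    elif sw:
        mode = "kernel-software"  # KTLS active, crypto done by the host CPU
    else:
        mode = "inactive"         # no open KTLS sessions right now
    return {"mode": mode, "open_sw": sw, "open_device": dev,
            "decrypt_errors": stats.get("TlsDecryptError", 0)}

def read_live(path="/proc/net/tls_stat"):
    """Summarise the live counters; None if the file is absent (tls module not loaded)."""
    p = Path(path)
    return summarise(parse_tls_stat(p.read_text())) if p.exists() else None

if __name__ == "__main__":
    print("sample:", summarise(parse_tls_stat(SAMPLE)))
    print("live:  ", read_live())
```

A rising TlsDecryptError count is worth alerting on, since it records TLS records the kernel failed to decrypt.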




2021-09-13