Configuring the Apache Web server to use RDRAND in SSL sessions

Starting with the 1.0.2 release of OpenSSL*, RDRAND has been temporarily removed as a random number source. Future releases of OpenSSL will re-incorporate RDRAND, but will employ cryptographic mixing with OpenSSL's own software-based PRNG. While OpenSSL's random numbers will benefit from the quality of RDRAND, the mixed generator will not have the same performance as RDRAND alone.

If you are running a high-volume SSL web server, the speed advantages of RDRAND are probably desirable. An earlier case study on OpenSSL performance when RDRAND was the sole RNG source showed that speedups to the SSL handshake can lead to up to a 1% increase in the number of connections/second that could be handled by an SSL concentrator. Internal testing on the Xeon v3 family of processors shows that RDRAND can give an additional boost to AES bulk encryption as well, since random numbers are used to generate IVs.

Fortunately, OpenSSL still provides access to RDRAND as a sole random number source via its engine API: you just have to turn it on. If you are running an Apache* 2.4 web server with mod_ssl, this is very easy to do. The configuration directive, SSLCryptoDevice, tells mod_ssl which engines to initialize inside of OpenSSL. To enable RDRAND as a sole random number source, you would use the following directive:

SSLCryptoDevice rdrand

Another advantage of doing this is that the digital random number generator that feeds RDRAND is autonomous and self-seeding, so you do not have to supply entropy to OpenSSL. This means you can use the 'builtin' entropy method in mod_ssl, which is the least CPU-intensive and simplest method, as the entropy generated by the sources is simply going to be ignored.

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Depending on your system architecture, you might even see slightly higher performance from one of the special device files such as /dev/zero.
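The cheap seed sources above are only reasonable while the rdrand engine is actually selected, and the comments below note that the engine is not available in FIPS mode. The following Python check for those two conditions is an added example, not code from the original article; the function names and sample configurations are constructed for illustration, and it treats all three directives as server-wide settings.

```python
# Added example: audit an Apache config for the RDRAND setup in this article.
CHEAP_SEEDS = {"builtin", "file:/dev/zero"}  # seeds the article uses because rdrand ignores them

def parse_directives(conf_text):
    """Yield (lowercased directive name, argument list), skipping comments and <Section> tags."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            yield name.lower(), args

def audit(conf_text):
    """Return findings; an empty list means the config matches the article's assumptions."""
    engine, fips, seeds = "builtin", False, []  # mod_ssl defaults: no engine, FIPS off
    for name, args in parse_directives(conf_text):
        if name == "sslcryptodevice" and args:
            engine = args[0].lower()
        elif name == "sslfips" and args:
            fips = args[0].lower() == "on"
        elif name == "sslrandomseed" and len(args) >= 2:
            seeds.append((args[0].lower(), args[1].lower()))
    findings = []
    if fips and engine == "rdrand":
        findings.append("SSLFIPS on conflicts with SSLCryptoDevice rdrand "
                        "(no ENGINE support in FIPS mode)")
    if engine != "rdrand":
        for context, source in seeds:
            if source in CHEAP_SEEDS:
                findings.append(f"SSLRandomSeed {context} {source} without SSLCryptoDevice rdrand: "
                                "the article's reason for using this cheap seed no longer applies")
    return findings

# Constructed sample configurations (not taken from a real server).
ARTICLE_CONFIG = """
SSLCryptoDevice rdrand
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
"""
ENGINE_REMOVED = """
# SSLCryptoDevice rdrand
SSLRandomSeed startup file:/dev/zero
SSLRandomSeed connect builtin
"""
FIPS_CONFLICT = ARTICLE_CONFIG + "SSLFIPS on\n"

if __name__ == "__main__":
    for label, conf in [("article", ARTICLE_CONFIG), ("engine removed", ENGINE_REMOVED),
                        ("fips", FIPS_CONFLICT)]:
        print(label, "->", audit(conf) or "ok")
```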

 


2 comments

johnm:

You are correct that this does not apply to FIPS mode. Only OpenSSL's own software-based PRNG has been validated for FIPS mode, so RDRAND is not an option. In general, ENGINE support is unavailable in FIPS mode since that could allow the end user to execute modules that have not been FIPS 140-2 validated.

Can you clarify the above example when running in FIPS mode for mod_ssl? As odd as this sounds, I am pretty convinced that the SSLRandomSeed directives are ignored by the FIPS DRBG inside OpenSSL.
