The browser version you are using is not recommended for this site.Please consider upgrading to the latest version of your browser by clicking one of the following links.
We are sorry, This PDF is available in download format only
Provision a Linux Web Server for Intel® AES-NIHow to Provision a Linux* Web Server for Intel® AES-NI This guide will review the steps to configure a
server and client to use Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) when performing secure web transactions. Intel AES-NI provides
significant performance improvements allowing the use of data protection not feasible before. Intel AES-NI is a set of seven new instructions in the Intel® Xeon®
processor 5600 series (formerly codenamed Westmere-EP). The instructions are also available on certain desktop and mobile processors. Several newer Linux*
distributions have Intel AES-NI support built-in. Older distributions require the use of a patch to OpenSSL. The steps outlined in this paper ensure the software
is configuration to use this new capability. Background Information A secure web transaction, like accessing one’s bank account, encrypts the data
before sending it over the Internet. Secure Socket Layer (SSL) and the newer Transport Layer Security (TLS) are the protocols typically used to deliver secure
transactions over the network. When a client machine wants to securely access a server machine over TLS or SSL, a handshake occurs to choose the encryption
protocol. For the new instructions to be used, the AES cipher must be selected during the handshake. The encryption cipher is chosen based on the preferred order
that is configured in the software. To use AES and therefore Intel AES-NI, the AES cipher should be first on each priority list. The web server should be
configured to have the AES cipher as the preferred choice, highest on the cipher list. For the client computers under your control, you want to also establish AES
as the default cipher. These settings will be reviewed in the paper to ensure they use the new capabilities offered by the Intel Xeon processor 5600 series.
Several newer distributions have Intel AES-NI support built-in, such as Red Hat Enterprise Linux* 6 (in beta2 at time of writing) and Fedora* 13. For this
paper, Fedora13, RHEL6 beta2 and Firefox 3.5.3 were used. Older distributions require the use of a patch to OpenSSL Since detailed step-by-step instructions are
dependent on the specific distribution and configuration, some instructions may vary if a different distribution is used.Read the full Provision a Linux* Web Server for Intel AES-NI Guide.
Speeding security software and making it stronger with silicon-based tools to increase efficiency.
Indra provides top performance for air traffic control.
Managed PKI solutions from Symantec use 3rd generation Intel Core vPro processors to deliver the same level of security as smart card technology.
Parallels works with Intel to provide security monitoring and service catalogs to deploy virtual machines.
See how built-in technologies offer protection in threat mitigation, identity, data, and monitoring.
Animation on McAfee ePO Deep Command*.