summaryrefslogtreecommitdiffstats
path: root/rpc
diff options
context:
space:
mode:
authorMohit Agrawal <moagrawal@redhat.com>2020-01-02 10:23:52 +0530
committerMOHIT AGRAWAL <moagrawa@redhat.com>2020-05-26 02:58:12 +0000
commit177cc09d24515596eb51739ce0a276c26e3c52f1 (patch)
tree1a4167f903906e48bf72910f961065bb9e438c07 /rpc
parent2ae5f8eaaf1034ae2bccd90521427d4f171ee3a3 (diff)
socket: Use AES128 cipher in SSL if AES is supported by CPU
SSL performance is improved after configuring AES128 cipher so use AES128 cipher as a default cipher on the CPU those enabled AES bits otherwise ssl use AES256 cipher Change-Id: I91c50fe987cbb22ed76f8012094730c592c63506 Fixes: #1050 Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
Diffstat (limited to 'rpc')
-rw-r--r--rpc/rpc-transport/socket/src/socket.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index ddaa1089015..65a41d93493 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -4161,6 +4161,34 @@ static void __attribute__((destructor)) fini_openssl_mt(void)
ERR_free_strings();
}
+/* The function returns 0 if AES bit is enabled on the CPU */
+static int
+ssl_check_aes_bit(void)
+{
+ FILE *fp = fopen("/proc/cpuinfo", "r");
+ int ret = 1;
+ size_t len = 0;
+ char *line = NULL;
+ char *match = NULL;
+
+ GF_ASSERT(fp != NULL);
+
+ while (getline(&line, &len, fp) > 0) {
+ if (!strncmp(line, "flags", 5)) {
+ match = strstr(line, " aes");
+ if ((match != NULL) && ((match[4] == ' ') || (match[4] == 0))) {
+ ret = 0;
+ break;
+ }
+ }
+ }
+
+ free(line);
+ fclose(fp);
+
+ return ret;
+}
+
static int
ssl_setup_connection_params(rpc_transport_t *this)
{
@@ -4184,6 +4212,10 @@ ssl_setup_connection_params(rpc_transport_t *this)
return 0;
}
+ if (!ssl_check_aes_bit()) {
+ cipher_list = "AES128:" DEFAULT_CIPHER_LIST;
+ }
+
priv->ssl_own_cert = DEFAULT_CERT_PATH;
if (dict_get_str_sizen(this->options, SSL_OWN_CERT_OPT, &optstr) == 0) {
if (!priv->ssl_enabled) {