Increasing Secure Proxy SFTP Encryption/Decryption performance on Solaris

Body

SFTP encryption/decryption typically has a high CPU cost.  SSP is a Java application and the Java encryption/decryption is normally interpretive.  

However, we can tell Java to utilize the SolarisSPARC hardware for encryption/decryption and gain a performance improvement.  SSP automatically does this for Intel processors.

To enable this please perform the following steps:

Bring down the SSP engine.

In the <sspEngineInstall>/jre/lib/security, edit the java.security file and locate the comment:

# List of providers and their preference orders (see above):

The change to be made is to add a new provider as the first provider:

security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.security.sasl.IBMSASL
security.provider.8=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.9=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
### STERLING COMMERCE OVERRIDE ###
security.provider.11=com.ibm.security.cmskeystore.CMSProvider
security.provider.12=com.ibm.security.pemkeystore.PEMProvider

Note that we are adding the com.oracle.security.ucrypto... provider as .1 which means that the others have to renamed (.1 to .2, .2 to .3, ... .11 to .12, etc).  

Also note that there is a blank before ${java.home}...

Now, restart the SSP engine and re-do your test through SSP for your SFTP transfers.

This should make a dramatic performance improvement.