Objectives

This study examines the exploitation and advantages of using the IBM® System z® cryptographic hardware features for accelerated SSL connections (using clear key).

The cryptographic features available for this test scenario are CP Assist for Cryptographic Function (CPACF) and Crypto Express® (CEX).

The setup part of this paper outlines the required customization steps required to enable SSL support for IBM WebSphere Application Server (WAS) in a first scenario and for IBM HTTP server (IHS) in a second scenario. It describes how to enable the cryptographic hardware support that is available on the IBM System z platform.

The following configurations are considered in more detail:

• WAS SSL setup for securing network communications
• IHS SSL setup for securing network communications
• Linux™ on System z cryptographic configurations required

The results part discusses the SSL performance for both setups using the different levels of System z cryptographic hardware features.

The SSL performance results include:

• Results for SSL cryptographic operations in software only
• Results for SSL cryptographic operations supported by CPACF
• Results for SSL cryptographic operations supported by CPACF and CEX3
  • CEX3 configured as SSL Accelerator (CEX3A)
  • CEX3 configured as co-processor (CEX3C)
• Results for different RSA key lengths