Yogaraj-Alamenda
commented
8 months ago @foxriver1025 Apologies for the late reply . AES256-SHA256 is the cipher to check Please note that, QAT Engine doesn't support ENCRYPT_THEN_MAC(default) mode of operation meaning when Encrypt then MAC is negotiated for symmetric ciphers say AES-CBC, the requests will not get offloaded via QAT_HW, instead uses OpenSSL SW. Disable ENCRYPT_THEN_MAC with the flag SSL_OP_NO_ENCRYPT_THEN_MAC programmatically using SSL_CTX_set_options() to offload symmetric chained ciphers via QAT_HW. Please note disabling ENCRYPT_THEN_MAC has security implications.
Please tell me which ssl_ciphers will use the chained cipher AES-256-CBC-HMAC-SHA256 , thanks.