- 最新
- 投票最多
- 评论最多
You can use HSM for TLS offload.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-overview.html
In this case, private key used to encrypt/decrypt “Pre-master” secret never leaves HSM. Also, with the use of latest AWS HSM SDK > 5.8.0, JCE/PKCS application, can connect multiple application instances to the same cluster and one application can connect to multiple HSM clusters if required. If application requires huge amount of sessions, you can horizontally scale application instances(web servers) that can connect to the same HSM cluster. This will help with the performance/scalability requirements.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/java-lib-configs-multi.html
Hi,
HSM service has published some performance data: https://docs.aws.amazon.com/cloudhsm/latest/userguide/performance.html
Also in section "Performance and capacity" of https://aws.amazon.com/cloudhsm/faqs/
This ppt (I recommend to read it in full) gives at page 36 and beyond some recipes to improve perfs: https://d1.awsstatic.com/events/reinvent/2019/REPEAT_1_Deep_dive_on_AWS_CloudHSM_SEC406-R1.pdf
Or this newer version at https://d1.awsstatic.com/events/reinvent/2021/Deep_dive_on_AWS_CloudHSM_SEC322.pdf
Best,
Didier
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前