This IBM Redpaper describes how to configure Web servers (such as Apache2 and IBM HTTP server) to use hardware cryptographic devices in Linux running on IBM System z9 and zSeries platforms. Hardware cryptographic cards are used to improve SSL performance during SSL handshaking. RedHat Enterprise Linux Advanced Server and SUSE Linux Enterprise Server distributions include packages to use these crypto cards. This repaper documents configuration steps required to use hardware cryptographic acceleration for SSL HTTP transactions with Linux distributions.

Introduction

The z90crypt device driver

Exploiting hardware encryption

Software packaging for hardware cryptographic devices

Defining cryptographic hardware to the Linux or z/VM LPAR

Loading the z90crypt device driver

The OpenSSL engine interface

The OpenCryptoki PKCS#11 subsystem

Using cryptographic devices with SSL

Configuring cryptographic devices with Apache 2.0

Configuring cryptographic devices with IHS