2025-10-07, Krakow / Business Value & Enterprise Adoption
OpenSSL providers offer an easy mechanism for including unique cryptographic implementations (from a performance or security standpoint), specific to certain HW configurations, beyond what is in the default OpenSSL provider. As such, developing a provider has a number of advantages for both the business and the developer. In this talk I will cover the advantages and disadvantages of the provider approach along with practical use cases.
In the current landscape of cryptographic algorithms and potential implementation optimizations, OpenSSL providers give developers an easy mechanism to deliver innovation at their own cadence.
- Async features included in OpenSSL enable providers to submit cryptographic operations in parallel with processing the TLS protocol or application workload.
- Increased performance utilizing unique characteristics of the underlying hardware, beyond what is available in the default crypto provider.
- The security boundary for a provider gives a way to build a FIPS-certified solution in conjunction with the standard FIPS provider.
- Algorithmic implementations can be released at a cadence outside of the main OpenSSL releases, allowing for updates as they become available.
- Support for multiple versions of OpenSSL.
- Deployment considerations when delivering an out-of-tree provider.
I'll also discuss what to consider when deciding whether upstreaming to the default provider or building a custom provider is the right choice, and how pursuing both paths simultaneously may be the best option. Where applicable, we'll show performance characteristics and advantages of the provider approach.
Brian Will is a Principal Engineer at Intel focused on Network Security Acceleration and lossless compression. He has over 25 years of experience developing software for Network Security and Packet Processing architectures.
Principal Software Engineer at Intel. Specialist in high performance, secure software for network, cryptographic and embedded applications. Software architect for Intel's QAT cryptographic and compression accelerator.