I use engine AES-NI increase performance of openssl speed (hardware acceleration) with my chip is supported engine AES-NI (Intel(R) Xeon(R) CPU E5620 @ 2.40GHz).
I try install openssl version 1.0.2-chacha and 1.0.1l
Version 1.0.2 chacha when test speed openssl with command:
openssl speed aes-256-cbc
then error:
Error: bad option or value
Version 1.0.1 when config with nginx then error:
nginx: [warn] ENGINE_by_id("aesni") failed (SSL: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.1/engines/libaesni.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.1/engines/libaesni.so: cannot open shared object file: No such file or directory error:25070067:DSO support routines:DSO_load:could not load the shared library error:260B6084:engine routines:DYNAMIC_LOAD:dso not found error:2606A074:engine routines:ENGINE_by_id:no such engine:id=aesni)
I know for versions of openssl >= 1.0.1, AES-NI does not work via an engine and will not show up in the openssl engine command. It is active by default on the supported hardware.
I see one command in https://www.ruby-forum.com/topic/6873426#1168394 say "no configuration option and it will work as long as your cpu supports it".
But I do not find official sources.
Please suggest a solution for use version openssl and config with nginx.
In OpenSSL >= 1.0.1 AES-NI is enabled by default in the EVP interface, and there is no aesni engine. So in nginx there is no configuration option to enable AES-NI for OpenSSL versions >= 1.0.1 as it is enabled by default in OpenSSL (as long as your CPU supports it). For OpenSSL versions < 1.0.1 there is no official support for AES-NI though there is a patch available.