PKCS11 Bypass Support

This Web Server update release introduces an option to instruct NSS to bypass the PKCS#11 layer during parts of the SSL/TLS processing. Bypassing the PKCS#11 layer improves performance. By default, the PKCS#11 layer is bypassed. At the time of server startup, the server queries each token holding a server key to verify that each token can support PKCS#11 bypass. If any of the tokens cannot support bypass, bypass is disabled. Therefore, no user action is required to take advantage of the performance benefits of the PKCS#11 bypass. The server automatically takes advantage of the bypass and automatically disables the bypass if the token cannot be used given the current configuration. For more information, see Sun Java System Web Server 7.0 Update 7 Administrator’s Configuration File Reference.

Web Server provides Command Line Interface (CLI) and Admin Console support to enable or disable the bypass. For more information about how to enable or disable PKCS11 bypass using the Admin Console or the CLI, see To Enable and Bypass PKCS#11 Tokens in Sun Java System Web Server 7.0 Update 7 Administrator’s Guide.