From owner-freebsd-security@FreeBSD.ORG Tue Apr 13 11:19:52 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DECBA16A4CE for ; Tue, 13 Apr 2004 11:19:52 -0700 (PDT) Received: from bewilderbeast.blackhelicopters.org (bewilderbeast.blackhelicopters.org [198.22.63.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8119643D6D for ; Tue, 13 Apr 2004 11:19:51 -0700 (PDT) (envelope-from mwlucas@bewilderbeast.blackhelicopters.org) Received: from bewilderbeast.blackhelicopters.org (mwlucas@localhost [127.0.0.1])i3DIJlJQ064928; Tue, 13 Apr 2004 14:19:47 -0400 (EDT) (envelope-from mwlucas@bewilderbeast.blackhelicopters.org) Received: (from mwlucas@localhost)i3DIJhP6064927; Tue, 13 Apr 2004 14:19:43 -0400 (EDT) (envelope-from mwlucas) Date: Tue, 13 Apr 2004 14:19:43 -0400 From: "Michael W. Lucas" To: Poul-Henning Kamp Message-ID: <20040413181943.GA55219@bewilderbeast.blackhelicopters.org> References: <20040408144322.GA83448@bewilderbeast.blackhelicopters.org> <26486.1081437513@critter.freebsd.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <26486.1081437513@critter.freebsd.dk> User-Agent: Mutt/1.4.1i X-Spam-Score: (0) X-Scanned-By: MIMEDefang 2.39 cc: security@freebsd.org Subject: Re: recommended SSL-friendly crypto accelerator X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2004 18:19:53 -0000 On Thu, Apr 08, 2004 at 05:18:33PM +0200, Poul-Henning Kamp wrote: > In message <20040408144322.GA83448@bewilderbeast.blackhelicopters.org>, "Michae > l W. Lucas" writes: > >On Thu, Apr 08, 2004 at 04:28:37PM +0200, Poul-Henning Kamp wrote: > >> >>Look at VPN14x1 from www.soekris.com, it's darn cheap too. > > > >Thanks, phk! > > > >For $79, it's cheap enough that I could put a whole stack of them in a > >machine. Can FreeBSD take advantage of multiple cards like that? > > I think so, but I am not sure the code currently does load-sharing > or just "try to find a card which can do this job" sharing. > > Maybe sam@ would know, you should probably ask him. OK, for the record I asked sam@. He says that the VPN1401 has issues for (at a minimum) symmetric crypto ops, but he hasn't had time to investigate and doesn't own a 1401, so... He also says that he considers the Broadcom 582x is the best accelerator available, except that it isn't available retail. :-( So, it looks like my choices are rapidly narrowing. It seems that the powercrypt cards are well-supported, perhaps I'll give them a call. ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org "I'm sorry, but 'Social Darwinism' is no excuse for killing all of your co-workers." -- Ivan Brunetti http://www.BlackHelicopters.org/~mwlucas/