From owner-freebsd-security@FreeBSD.ORG Tue Apr 13 11:52:50 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51C8916A4CE for ; Tue, 13 Apr 2004 11:52:50 -0700 (PDT) Received: from smtp3b.sentex.ca (smtp3b.sentex.ca [205.211.164.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1102743D31 for ; Tue, 13 Apr 2004 11:52:50 -0700 (PDT) (envelope-from mike@sentex.net) Received: from avscan2.sentex.ca (avscan2.sentex.ca [199.212.134.19]) by smtp3b.sentex.ca (8.12.11/8.12.11) with ESMTP id i3DIqnCt028357 for ; Tue, 13 Apr 2004 14:52:49 -0400 (EDT) (envelope-from mike@sentex.net) Received: from localhost (localhost [127.0.0.1]) by avscan2.sentex.ca (Postfix) with ESMTP id 9877659C90 for ; Tue, 13 Apr 2004 14:52:49 -0400 (EDT) Received: from avscan2.sentex.ca ([127.0.0.1]) by localhost (avscan2.sentex.ca [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 40846-12 for ; Tue, 13 Apr 2004 14:52:49 -0400 (EDT) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by avscan2.sentex.ca (Postfix) with ESMTP id 813E859C8A for ; Tue, 13 Apr 2004 14:52:49 -0400 (EDT) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.11/8.12.11) with ESMTP id i3DIqmAm011134 for ; Tue, 13 Apr 2004 14:52:48 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.0.3.0.0.20040413145345.07e0af70@209.112.4.2> X-Sender: mdtpop@209.112.4.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.3.0 Date: Tue, 13 Apr 2004 14:53:57 -0400 To: freebsd-security@freebsd.org From: Mike Tancsa Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new X-Virus-Scanned: by amavisd-new at (avscan2) sentex.ca Subject: Re: recommended SSL-friendly crypto accelerator X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2004 18:52:50 -0000 At 02:19 PM 13/04/2004, Michael W. Lucas wrote: >OK, for the record I asked sam@. He says that the VPN1401 has issues >for (at a minimum) symmetric crypto ops, but he hasn't had time to >investigate and doesn't own a 1401, so... > >So, it looks like my choices are rapidly narrowing. It seems that the >powercrypt cards are well-supported, perhaps I'll give them a call. I think the powercrypt is based on the same HiFn chip and uses the same driver, so it might be hit by the same bug that I am running into both on FreeBSD and OpenBSD. Then again, it could be some issue with openssl as to how it talks to the card. Still, there were reports by one ipsec user on OpenBSD that they had problems with the card and IPSEC. I would love to hear from any FreeBSD or OpenBSD user with the 1401 to see if they can reproduce this bug. ---Mike