From owner-freebsd-net@FreeBSD.ORG Fri Sep 3 10:03:57 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A536106585C for ; Fri, 3 Sep 2010 10:03:57 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id F2C198FC19 for ; Fri, 3 Sep 2010 10:03:56 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1OrStC-0001zv-4K for freebsd-net@freebsd.org; Fri, 03 Sep 2010 11:48:54 +0200 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 03 Sep 2010 11:48:54 +0200 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 03 Sep 2010 11:48:54 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Ivan Voras Date: Fri, 03 Sep 2010 11:48:44 +0200 Lines: 19 Message-ID: References: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.9) Gecko/20100518 Thunderbird/3.0.4 In-Reply-To: <32AB5C9615CC494997D9ABB1DB12783C024C8DE03A@SJ-EXCH-1.adaranet.com> X-Enigmail-Version: 1.0.1 Cc: freebsd-security@freebsd.org Subject: Re: seeking current supported crypto co-processors X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2010 10:03:57 -0000 On 09/03/10 02:35, Ricky Charlet wrote: > Howdy, > > > I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By perusing through the crypto-dev (and subsequently referenced) man page(s) I found this list: > Hifn 7751/7951/7811/7955/7956 crypto accelerator > SafeNet 1141/1741 > Bluesteel 5501/5601 > Broadcom bcm5801/5802/5805/5820/5821/5822/5823/5825 > > Those are all pretty old (and in some cases, no longer existent). I'm surveying these lists to see if anyone knows of more modern chips working with FreeBSD 8.x. Or if you feel some chip on the list above is up to the task of near about 1 Gb throughput across a PCIe and has friendly vendor support for FreeBSD, I'd sure like to hear about that too. > I'm not saying they are useless but are you really sure you need them? Even on the last generation of CPUs without AES instructions you can easily get 125 MB/s of AES-128 encryption and 300 MB/s of RC4 per CPU core, so even one core can saturate a 1 Gbit/s link. You can setup a cheap box to be a SSL proxy in front of the real web servers to offload SSL.