From owner-freebsd-hackers@FreeBSD.ORG Sat Jul 17 07:59:47 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18B6816A4CE for ; Sat, 17 Jul 2004 07:59:47 +0000 (GMT) Received: from smtp-vbr11.xs4all.nl (smtp-vbr11.xs4all.nl [194.109.24.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 560E843D31 for ; Sat, 17 Jul 2004 07:59:46 +0000 (GMT) (envelope-from cor@xs4all.nl) Received: from xs1.xs4all.nl (xs1.xs4all.nl [194.109.21.2]) i6H7xj5j035707; Sat, 17 Jul 2004 09:59:45 +0200 (CEST) (envelope-from cor@xs4all.nl) Received: from xs1.xs4all.nl (cor@localhost.xs4all.nl [127.0.0.1]) by xs1.xs4all.nl (8.12.10/8.12.10) with ESMTP id i6H7xifr084667; Sat, 17 Jul 2004 09:59:44 +0200 (CEST) (envelope-from cor@xs4all.nl) Received: (from cor@localhost) by xs1.xs4all.nl (8.12.10/8.12.9/Submit) id i6H7xiFw084666; Sat, 17 Jul 2004 09:59:44 +0200 (CEST) (envelope-from cor) Date: Sat, 17 Jul 2004 09:59:44 +0200 From: Cor Bosman To: Mike Tancsa Message-ID: <20040717075944.GA67166@xs4all.nl> References: <200407162339.i6GNdvtS065629@xs1.xs4all.nl> <392hf09pbb6ca5val0aimm00sg0u8knv1d@4ax.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <392hf09pbb6ca5val0aimm00sg0u8knv1d@4ax.com> User-Agent: Mutt/1.4.1i X-NCC-Regid: nl.xs4all X-Virus-Scanned: by XS4ALL Virus Scanner cc: freebsd-hackers@freebsd.org cc: Cor Bosman Subject: Re: HIFN/7955 Soekris 1401 openssl problem X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Jul 2004 07:59:47 -0000 > >The problem is, nothing else seems to use it. Ive been trying with > >sendmail/ssl and with apache/ssl. The card uses /dev/crypto, which exists, > >and I can make openssl load the cryptodev engine. But even a command like > >'openssl speed -engine cryptodev' doesnt use the card for any algorithm. > >Sendmail and apache are linked with libcrypto. > > Only certain commands /encryption schemes will use it in openssl. eg > > /usr/bin/openssl enc -des3 -in big.txt -k pass -out big.txt.enc > > Also, for ipsec you need to use FAST_IPSEC if you want to use it for > IPSEC stuff. > > You are using the base openssl right ? I dont want to use it for IPSEC. One of my collegues is, and thats working fine also. I want to use it for TLS/SSL acceleration in sendmail. I linked sendmail against the base openssl (libcrypto and libssl). When using mozilla to send a mail it negotiates the following encryption scheme: DHE-RSA-AES256-SHA. Ive also used Kmail and outlook, which negotiated slightly different schemes, but also didnt work. And I forced a whole myriad of schemes, from simple to complicated, through apache, and none of them worked. Is there a way to get hardware acceleration for sendmail TLS/SSL? Maybe get a different card? Cor