From owner-freebsd-security@FreeBSD.ORG  Wed Oct 22 07:19:03 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 05D8616A4DA
	for <security@freebsd.org>; Wed, 22 Oct 2003 07:19:03 -0700 (PDT)
Received: from tenebras.com (dnscache.tenebras.com [66.92.188.165])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0181343FCB
	for <security@freebsd.org>; Wed, 22 Oct 2003 07:19:02 -0700 (PDT)
	(envelope-from kudzu@tenebras.com)
Received: (qmail 69560 invoked from network); 22 Oct 2003 14:19:01 -0000
Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241)
  by laptop.tenebras.com with SMTP; 22 Oct 2003 14:19:01 -0000
Message-ID: <3F9691D5.4080703@tenebras.com>
Date: Wed, 22 Oct 2003 07:19:01 -0700
From: Michael Sierchio <kudzu@tenebras.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de
MIME-Version: 1.0
To: security@freebsd.org
References: <20031022032740.GA2605@dub.net>
	<6.0.0.22.0.20031021233604.0807f8a0@209.112.4.2>
	<3F9676FB.9020107@centtech.com> <3F968E85.1030902@tenebras.com>
	<20031022140919.GA61094@dub.net>
In-Reply-To: <20031022140919.GA61094@dub.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: hardware crypto and SSL?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2003 14:19:03 -0000

Bill Swingle wrote:

> When you say that they help quite a bit, do you mean for http+SSL or
> some other application?

It depends on the traffic profile -- it significantly reduces the
overhead of session establishment, because that's where pubkey
calculations occur.

> What I'm getting at is this: can anyone actually confirm that using
> hardware crypto can increase http+SSL speeds? I've yet to find any
> mention of it on the web.

For a first estimate, look at the claims of the manufacturers ;-)
(nCipher, Hifn, etc.)