Date: Wed, 22 Oct 2003 07:20:43 -0700 (PDT) From: Jason Stone <freebsd-security@dfmm.org> To: Bill Swingle <unfurl@dub.net> Cc: security@freebsd.org Subject: Re: hardware crypto and SSL? Message-ID: <20031022071611.T8440@walter> In-Reply-To: <20031022140919.GA61094@dub.net> References: <20031022032740.GA2605@dub.net> <6.0.0.22.0.20031021233604.0807f8a0@209.112.4.2> <3F9676FB.9020107@centtech.com> <3F968E85.1030902@tenebras.com> <20031022140919.GA61094@dub.net>
index | next in thread | previous in thread | raw e-mail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > When you say that they help quite a bit, do you mean for http+SSL or > some other application? > > What I'm getting at is this: can anyone actually confirm that using > hardware crypto can increase http+SSL speeds? I've yet to find any > mention of it on the web. So, I haven't run such boards personally, but that is the intention, yeah. I think that the way it works is that the kernel has drivers for the various crypto boards and makes access to those boards available via /dev/crypto or something, and that openssl knows to look for that interface and, if it exists, pass whatever expensive crypto functions it can off to the board. Then any app that uses openssl (eg, apache-mod_ssl) will automatically use and benefit from the crypto hardware. At least, that's the way I think it works under openbsd, and I imagine that that functionality was all imported when the openbsd crypto device stuff was imported. -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE/lpI7swXMWWtptckRAuBWAJ4tWIHkFSiP/Mc4w8Fs6QLqo15ZMgCfTfWL LVvlnsetqJLyki1Um3VlNAk= =njpa -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031022071611.T8440>