Date: Fri, 9 Apr 2004 12:07:05 +0300
From: Rumen Telbizov <altares@e-card.bg>
To: Charles Swiger <cswiger@mac.com>
Cc: security@freebsd.org
Subject: Re: recommended SSL-friendly crypto accelerator
Message-ID: <20040409090705.GS293@e-card.bg>
In-Reply-To: <3009DCC4-8986-11D8-88D0-003065ABFD92@mac.com>
References: <26486.1081437513@critter.freebsd.dk> <6.0.3.0.0.20040408112048.07218a00@209.112.4.2> <3009DCC4-8986-11D8-88D0-003065ABFD92@mac.com>
Hi

> I can second/confirm Mike's observations here.
>
> I've got a pair of HI/FN 7951 cards which gets used by SSH if I select
> 3DES, but there is no sign that Apache attempts to use it for either
> the public-key RSA/DSA crypto during HTTPS session startup, nor later
> for the symmetric crypto.

Excuse my ignorance but I think it would be appropriate to clarify the
architecture of using cryptocards with openssl. Sorry if this has been
discussed.

I assume the following:

1. We have an ssl library - openssl.
2. We have a crypto card(s) installed.
3. We have applications using openssl functions say mod_ssl, ssh.

If the crypto card is supported, then openssl should be able to use its
registered functions - say 3DES. If both ssh and mod_ssl use the same
library - openssl - and its functions (3DES), how come that one
application benefits from the hardware acceleration and the other one
does not?!

If there are other details that I'm missing in this picture I'll be glad
to know them.

Thank you
Rumen Telbizov