Date: Sat, 17 Jul 2004 09:59:44 +0200 From: Cor Bosman <cor@xs4all.nl> To: Mike Tancsa <mike@sentex.net> Cc: Cor Bosman <cor@xs4all.nl> Subject: Re: HIFN/7955 Soekris 1401 openssl problem Message-ID: <20040717075944.GA67166@xs4all.nl> In-Reply-To: <392hf09pbb6ca5val0aimm00sg0u8knv1d@4ax.com> References: <200407162339.i6GNdvtS065629@xs1.xs4all.nl> <392hf09pbb6ca5val0aimm00sg0u8knv1d@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> >The problem is, nothing else seems to use it. Ive been trying with > >sendmail/ssl and with apache/ssl. The card uses /dev/crypto, which exists, > >and I can make openssl load the cryptodev engine. But even a command like > >'openssl speed -engine cryptodev' doesnt use the card for any algorithm. > >Sendmail and apache are linked with libcrypto. > > Only certain commands /encryption schemes will use it in openssl. eg > > /usr/bin/openssl enc -des3 -in big.txt -k pass -out big.txt.enc > > Also, for ipsec you need to use FAST_IPSEC if you want to use it for > IPSEC stuff. > > You are using the base openssl right ? I dont want to use it for IPSEC. One of my collegues is, and thats working fine also. I want to use it for TLS/SSL acceleration in sendmail. I linked sendmail against the base openssl (libcrypto and libssl). When using mozilla to send a mail it negotiates the following encryption scheme: DHE-RSA-AES256-SHA. Ive also used Kmail and outlook, which negotiated slightly different schemes, but also didnt work. And I forced a whole myriad of schemes, from simple to complicated, through apache, and none of them worked. Is there a way to get hardware acceleration for sendmail TLS/SSL? Maybe get a different card? Cor
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040717075944.GA67166>