Re: hardware crypto and SSL?

From: Jason Stone (freebsd-security_at_dfmm.org)
Date: 10/22/03

Next message: Mike Tancsa: "Re: hardware crypto and SSL?"

Previous message: Michael Sierchio: "Re: hardware crypto and SSL?"
In reply to: Bill Swingle: "Re: hardware crypto and SSL?"
Next in thread: Eric Anderson: "Re: hardware crypto and SSL?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Oct 2003 07:20:43 -0700 (PDT)
To: Bill Swingle <unfurl@dub.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> When you say that they help quite a bit, do you mean for http+SSL or
> some other application?
>
> What I'm getting at is this: can anyone actually confirm that using
> hardware crypto can increase http+SSL speeds? I've yet to find any
> mention of it on the web.

So, I haven't run such boards personally, but that is the intention, yeah.
I think that the way it works is that the kernel has drivers for the
various crypto boards and makes access to those boards available via
/dev/crypto or something, and that openssl knows to look for that
interface and, if it exists, pass whatever expensive crypto functions it
can off to the board. Then any app that uses openssl (eg, apache-mod_ssl)
will automatically use and benefit from the crypto hardware.

At least, that's the way I think it works under openbsd, and I imagine
that that functionality was all imported when the openbsd crypto device
stuff was imported.

-Jason

--------------------------------------------------------------------------
Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
that he was insufficiently fondled when he was an infant.
-- Ashley Montagu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE/lpI7swXMWWtptckRAuBWAJ4tWIHkFSiP/Mc4w8Fs6QLqo15ZMgCfTfWL
LVvlnsetqJLyki1Um3VlNAk=
=njpa
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Mike Tancsa: "Re: hardware crypto and SSL?"

Previous message: Michael Sierchio: "Re: hardware crypto and SSL?"
In reply to: Bill Swingle: "Re: hardware crypto and SSL?"
Next in thread: Eric Anderson: "Re: hardware crypto and SSL?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]