Re: recommended SSL-friendly crypto accelerator

• Previous message: andy_at_lewman.com: "Re: recommended SSL-friendly crypto accelerator"
• In reply to: Charles Swiger: "Re: recommended SSL-friendly crypto accelerator"
• Next in thread: Lev Walkin: "Re: recommended SSL-friendly crypto accelerator"
• Reply: Lev Walkin: "Re: recommended SSL-friendly crypto accelerator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 9 Apr 2004 12:07:05 +0300
To: Charles Swiger <cswiger@mac.com>

Hi

> I can second/confirm Mike's observations here.
>
> I've got a pair of HI/FN 7951 cards which gets used by SSH if I select
> 3DES, but there is no sign that Apache attempts to use it for either
> the public-key RSA/DSA crypto during HTTPS session startup, nor later
> for the symmetric crypto.

Excuse my ignorance but I think it would be appropriate
to clearify the architecture of using cryptocards with
openssl.
Sorry if this has been discussed.

I assume the following:
1. We have an ssl library - openssl.
2. We have a crypto card(s) installed.
3. We have applications using
openssl functions say mod_ssl, ssh.

If the crypto card is supported, then
openssl should be able to use its registered
functions - say 3DES.

If both ssh and mod_ssl use the same
library - openssl - and its functions (3DES),
how come that one application benefits
from the hardware acceleration and
the other one does not?!

If there are other details that I'm missing
in this picture I'll be glad to know them.

Thank you

Rumen Telbizov

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: andy_at_lewman.com: "Re: recommended SSL-friendly crypto accelerator"
• In reply to: Charles Swiger: "Re: recommended SSL-friendly crypto accelerator"
• Next in thread: Lev Walkin: "Re: recommended SSL-friendly crypto accelerator"
• Reply: Lev Walkin: "Re: recommended SSL-friendly crypto accelerator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SSH - securing the port ... > a Solaris server and a Windows box (with the companion piece F-secure ... > that SSH is not secure. ... I had hoped that with the move of crypto from the munitions ... keys and algorithm, not the sourcecode. ... (comp.unix.solaris) Re: public-key ssh into VMS 7.3-1 ... TCPIP V5.4 includes SSH. ... on a COMPAQ Professional Workstation XP1000 running OpenVMS V7.3-2 ... planning to use keys which were generated on a foreign/different ... I tried generating the keys on VMS with the "openssl" tool. ... (comp.os.vms) Re: HIFN devices, crypto and userland ... PCI HIFN-based devices from Soekris that could be used to speed up what ... is now processor-bound crypto stuff I might be doing in the future. ... OpenSSL uses crypto ... API and ask for hardware support for a session (which then goes through ... (comp.unix.bsd.openbsd.misc) Re: recommended SSL-friendly crypto accelerator ... We have a crypto cardinstalled. ... > openssl functions say mod_ssl, ... the main thing to accelerate in SSL is usually not ... In order to take advantage of the underlying hardware, ... (FreeBSD-Security) Re: Hifn 7955/7956 crypto accelerator questions ... Does openssl today make correct use of the crypto hardware? ... We are usually just using 1 stream per transfer session per host, but the server could be getting multiple streams. ... Assuming two FreeBSD computers with crypto accelerators are ... (freebsd-current)