hardware crypto and SSL?

Jason Stone freebsd-security at dfmm.org
Wed Oct 22 07:20:45 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> When you say that they help quite a bit, do you mean for http+SSL or
> some other application?
>
> What I'm getting at is this: can anyone actually confirm that using
> hardware crypto can increase http+SSL speeds? I've yet to find any
> mention of it on the web.

So, I haven't run such boards personally, but that is the intention, yeah.
I think that the way it works is that the kernel has drivers for the
various crypto boards and makes access to those boards available via
/dev/crypto or something, and that openssl knows to look for that
interface and, if it exists, pass whatever expensive crypto functions it
can off to the board.  Then any app that uses openssl (eg, apache-mod_ssl)
will automatically use and benefit from the crypto hardware.

At least, that's the way I think it works under openbsd, and I imagine
that that functionality was all imported when the openbsd crypto device
stuff was imported.


 -Jason

 --------------------------------------------------------------------------
 Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
 that he was insufficiently fondled when he was an infant.
	-- Ashley Montagu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE/lpI7swXMWWtptckRAuBWAJ4tWIHkFSiP/Mc4w8Fs6QLqo15ZMgCfTfWL
LVvlnsetqJLyki1Um3VlNAk=
=njpa
-----END PGP SIGNATURE-----


More information about the freebsd-security mailing list