recommended SSL-friendly crypto accelerator

andy at lewman.com andy at lewman.com
Thu Apr 15 11:05:19 PDT 2004 

Of course, after I send this, I realize I'm using aes-128 on the ssh
side.  Sorry, I can't reconfig the sshd right now, but will try later on
tonight.

-Andrew

On Thu, Apr 15, 2004 at 02:03:17PM -0400, andy at lewman.com wrote 2.3K bytes in 76 lines about:
: Yes, it appears to be both ssh and apache w/ssl.
: 
: Here's ssh alone, from console, with single session login with rsa key:
: 
: phobos# apachectl stop
: phobos# ./hifnstats 
: input 485139168 bytes 1563934 packets
: output 485139168 bytes 1563934 packets
: invalid 0 nomem 0 abort 0
: noirq 0 unaligned 0
: totbatch 0 maxbatch 0
: nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
: 
: phobos# ./hifnstats
: input 485141328 bytes 1563962 packets
: output 485141328 bytes 1563962 packets
: invalid 0 nomem 0 abort 0
: noirq 0 unaligned 0
: totbatch 0 maxbatch 0
: nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
: 
: with ssh stopped, apache2 w/ssl hitting an ssl enabled site on the
: server:
: 
: phobos# ./hifnstats
: input 485226224 bytes 1565175 packets
: output 485226224 bytes 1565175 packets
: invalid 0 nomem 0 abort 0
: noirq 0 unaligned 0
: totbatch 0 maxbatch 0
: nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
: 
: <insert site hit here>
: 
: phobos# ./hifnstats
: input 485232512 bytes 1565205 packets
: output 485232512 bytes 1565205 packets
: invalid 0 nomem 0 abort 0
: noirq 0 unaligned 0
: totbatch 0 maxbatch 0
: nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
: 
: And for the heck of it, here's my crypto stats, but this doesn't mean
: it's going through the card; if i'm understanding it correctly.
: 
: ./cryptostats 
: 1565690 symmetric crypto ops (0 errors, 0 times driver blocked)
: 5 key ops (5 errors, 0 times driver blocked)
: 0 crypto dispatch thread activations
: 5 crypto return thread activations
: 
: 
: On Thu, Apr 15, 2004 at 11:05:30AM -0400, mike at sentex.net wrote 0.5K bytes in 16 lines about:
: : At 10:51 AM 15/04/2004, andy at lewman.com wrote:
: : >hifnstats shows decent amounts of traffic through it (at least
: : >interrupts) however cryptokeytest doesn't work due to an unsupport call
: : >apparently.
: : >
: : >Here's my hifnstats:
: : >
: : >input 476104224 bytes 1527365 packets
: : >output 476104224 bytes 1527365 packets
: : 
: : But is that your ssh session that is being accelerated ?  To test, login 
: : via the console, or login using blowfish as the cipher.  Then run hifnstats 
: : and make sure that the packet counters are not incrementing.  Then do your 
: : https test.
: : 
: :         ---Mike 
: 
: -- 
: 
: _______________________________________________
: freebsd-security at freebsd.org mailing list
: http://lists.freebsd.org/mailman/listinfo/freebsd-security
: To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

--

More information about the freebsd-security mailing list