At 11:18 AM 08/04/2004, Poul-Henning Kamp wrote: >In message <20040408144322.GA83448@bewilderbeast.blackhelicopters.org>, >"Michae >l W. Lucas" writes: > >(Yes, that's a serious concern; I'm looking at 15,000 simultaneous > >users on a SSL Web site, and would prefer to avoid spending the big > >bucks on a so-called "hardware SSL accelerator.") > >Whee :-) Although the chip does asymetric transformations, the driver does not. Check the man page The hifn driver registers itself to accelerate DES, Triple-DES, AES (7955 and 7956 only), ARC4, MD5, MD5-HMAC, SHA1, and SHA1-HMAC operations for And even then, openssl is not necessarily tied to the card's functions. For sure des and aes do work, but in my limited tests against a server with apache-ssl installed, it doesnt seem to make use of the card. Looking at a box with a crypto card installed, % hifnstats input 351328 bytes 4760 packets output 351328 bytes 4760 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 .... I then connect via https to that machine % !hi input 351328 bytes 4760 packets output 351328 bytes 4760 packets invalid 0 nomem 0 abort 0 noirq 0 unaligned 0 totbatch 0 maxbatch 0 nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0 So it appears out of the box it doesnt make use of the card's capabilities. ---Mike _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"