Hi > I can second/confirm Mike's observations here. > > I've got a pair of HI/FN 7951 cards which gets used by SSH if I select > 3DES, but there is no sign that Apache attempts to use it for either > the public-key RSA/DSA crypto during HTTPS session startup, nor later > for the symmetric crypto. Excuse my ignorance but I think it would be appropriate to clearify the architecture of using cryptocards with openssl. Sorry if this has been discussed. I assume the following: 1. We have an ssl library - openssl. 2. We have a crypto card(s) installed. 3. We have applications using openssl functions say mod_ssl, ssh. If the crypto card is supported, then openssl should be able to use its registered functions - say 3DES. If both ssh and mod_ssl use the same library - openssl - and its functions (3DES), how come that one application benefits from the hardware acceleration and the other one does not?! If there are other details that I'm missing in this picture I'll be glad to know them. Thank you Rumen Telbizov _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"