Rumen Telbizov wrote:
>
>>>If both ssh and mod_ssl use the same
>>>library - openssl - and its functions (3DES),
>>>how come that one application benefits
>>>from the hardware acceleration and
>>>the other one does not?!
>>
>>In order to take advantage of the underlying hardware, openssl
>>either uses their own code for dealing with hardware, or contains
>>a wrapper which in turn employs the vendor-provided library installed
>>on that host (typically, a shared library which will be attached by openssl
>>during its initialization/setting up sequence).
>>
>>However, as
>> 1) the host machine may have several hardware accelerators, and/or
>> 2) it is not generally known whether requesting application really
>>    WANTS to accelerate things,
>>the openssl needs to be explicitly initialized by the application to
>>take advantage of additional hardware. Typically, it may be done by either
>>specifying the type of hardware at that application's configuration level,
>>or an application itself may contain some defaults or "use first available
>>crypto card" call to openssl. IT DEPENDS FROM APPLICATION TO APPLICATION,
>>so the fact that every application on your host uses openssl does not
>>automatically mean that they'll use the accelerators. It well may be so that
>>one application uses one crypto card, and another one uses a completely
>>separate one, all being on a single machine.
>
>
> Thanks. I didn't know that.
> So it seems that mod_ssl does NOT tell the openssl to try to
> use ANY of the crypto cards right? What possibly may be
> the reason that one application would not want to use
> the hardware acceleration!? To leave resources for other?
>
> I couldn't find any options for mod_ssl to enable
> usage of crypto cards anyway.

Option names are:

for www/apache13-ssl port: SSLEngineID
for www/apache13-modssl: SSLCryptoDevice

By the way, Google is very helpful in finding the SSLEngineID.
It shows over four documents in return %-)

>>Further reading:
>>
>>man engine # This is an openssl hardware abstraction, mostly by Geoff Thorpe
>
> Thanks
>
> Rumen Telbizov

--
Lev Walkin
vlm@netli.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
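
Since the thread's point is that each application must ask OpenSSL for an engine itself, the place to check is the server configuration. The following is an added example, not part of the original thread and not code from Apache, mod_ssl or OpenSSL: it scans configuration text for the two directives named in the reply and reports which engine id, if any, is requested. The function names, the sample config and the "last directive wins" rule are assumptions.

```python
# Added example: audit an Apache config for the engine directives named above.
ENGINE_DIRECTIVES = {"sslengineid", "sslcryptodevice"}  # names from the post
# Assumption: the value "builtin" (mod_ssl's documented default in Apache 2.x)
# means software crypto, i.e. no engine is requested from OpenSSL.
SOFTWARE_ONLY = {"", "builtin"}


def logical_lines(text):
    """Yield (first_line_no, line), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def engine_settings(conf_text):
    """Return [(line_no, directive, engine_id)] for uncommented directives."""
    found = []
    for no, line in logical_lines(conf_text):
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        # Apache directive names are case-insensitive; match the whole name so
        # that "SSLEngine on" is not mistaken for an engine selection.
        if parts[0].lower() in ENGINE_DIRECTIVES:
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            found.append((no, parts[0], value))
    return found


def configured_engine(conf_text):
    """Engine id the server asks OpenSSL for, or None for software crypto.

    Assumption: when the directive appears more than once, the last one wins.
    """
    settings = engine_settings(conf_text)
    if not settings or settings[-1][2].lower() in SOFTWARE_ONLY:
        return None
    return settings[-1][2]


# Constructed sample config; "cryptodev" is a sample engine id.
SAMPLE = "SSLEngine on\n#SSLCryptoDevice ubsec\nSSLCryptoDevice \\\n    cryptodev\n"

if __name__ == "__main__":
    print(engine_settings(SAMPLE), configured_engine(SAMPLE))
```

A result of `None` means the server never asks OpenSSL for an engine, which is the situation described in the thread where installed hardware goes unused.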