recommended SSL-friendly crypto accelerator

andy at lewman.com andy at lewman.com
Thu Apr 15 11:03:21 PDT 2004 

Yes, it appears to be both ssh and apache w/ssl.

Here's ssh alone, from console, with single session login with rsa key:

phobos# apachectl stop
phobos# ./hifnstats 
input 485139168 bytes 1563934 packets
output 485139168 bytes 1563934 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

phobos# ./hifnstats
input 485141328 bytes 1563962 packets
output 485141328 bytes 1563962 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

with ssh stopped, apache2 w/ssl hitting an ssl enabled site on the
server:

phobos# ./hifnstats
input 485226224 bytes 1565175 packets
output 485226224 bytes 1565175 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

<insert site hit here>

phobos# ./hifnstats
input 485232512 bytes 1565205 packets
output 485232512 bytes 1565205 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

And for the heck of it, here's my crypto stats, but this doesn't mean
it's going through the card; if i'm understanding it correctly.

./cryptostats 
1565690 symmetric crypto ops (0 errors, 0 times driver blocked)
5 key ops (5 errors, 0 times driver blocked)
0 crypto dispatch thread activations
5 crypto return thread activations


On Thu, Apr 15, 2004 at 11:05:30AM -0400, mike at sentex.net wrote 0.5K bytes in 16 lines about:
: At 10:51 AM 15/04/2004, andy at lewman.com wrote:
: >hifnstats shows decent amounts of traffic through it (at least
: >interrupts) however cryptokeytest doesn't work due to an unsupport call
: >apparently.
: >
: >Here's my hifnstats:
: >
: >input 476104224 bytes 1527365 packets
: >output 476104224 bytes 1527365 packets
: 
: But is that your ssh session that is being accelerated ?  To test, login 
: via the console, or login using blowfish as the cipher.  Then run hifnstats 
: and make sure that the packet counters are not incrementing.  Then do your 
: https test.
: 
:         ---Mike 

--

More information about the freebsd-security mailing list