Dear List, I would like to know if anyone has installed one of those Rainbow CryptoSwift PCI, SSL accelerators under FreeBSD? I was looking in the LINT file about the support of those cards but couldn't find anything. As far as I know there should be a kld (or in-kernel) support for those and some sort of integration between openssl and the card. My configuration is: FreeBSD 4.9-STABLE, Apache 1.3+mod_ssl and openssl! Thank you in advance. P.S. If you have any experience with any other cards (non Rainbow) I would appreciate if you share your opinion.
I dont know about the card you mention below, but the ones specifically mentioned in the man pages are safe (4) ubsec (4) hifn (4) We have used HiFn 7951 based cards with really great results for IPSEC and ssh acceleration. We bought the cards from www.soekris.com (VPN1201 and VPN1211). The new card, the vpn1401 looks promising, but the drivers are broken right now so I would stay away from it and cards based on that chip. ---Mike At 04:14 AM 26/01/2004, Rumen Telbizov wrote:>Dear List, > >I would like to know if anyone has installed one of those >Rainbow CryptoSwift PCI, SSL accelerators under FreeBSD? >I was looking in the LINT file about the support of those >cards but couldn't find anything. >As far as I know there should be a kld (or in-kernel) support for >those and some sort of integration between openssl and the >card. >My configuration is: FreeBSD 4.9-STABLE, Apache 1.3+mod_ssl >and openssl! > >Thank you in advance. > >P.S. >If you have any experience with any other cards (non Rainbow) >I would appreciate if you share your opinion. >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
Thanks Chuck, I saw the price on the site it's $79 for the vpn1201. Another question: While looking in the crypto(4) man page I saw a list of all the "potential" cryptographic features. They are: CRYPTO_DES_CBC CRYPTO_3DES_CBC CRYPTO_BLF_CBC CRYPTO_CAST_CBC CRYPTO_SKIPJACK_CBC CRYPTO_MD5_HMAC CRYPTO_SHA1_HMAC CRYPTO_RIPEMD160_HMAC CRYPTO_MD5_KPDK CRYPTO_SHA1_KPDK CRYPTO_AES_CBC CRYPTO_ARC4 CRYPTO_MD5 CRYPTO_SHA1 CRK_MOD_EXP CRK_MOD_EXP_CRT CRK_DSA_SIGN CRK_DSA_VERIFY CRK_DH_COMPUTE_KEY I don't see anything related to RSA computations?! Do you see any real acceleration in the RSA operations while using this card or there is NO support for RSA in the crypto device ? Thanks in advance Rumen Telbizov On Mon, Jan 26, 2004 at 10:43:38AM -0500, Charles Swiger wrote:> On Jan 26, 2004, at 4:14 AM, Rumen Telbizov wrote: > >I would like to know if anyone has installed one of those > >Rainbow CryptoSwift PCI, SSL accelerators under FreeBSD? > > I'm using the HiFN 7951 from Soekris.com which performs crypto > acceleration: > > hifn0 mem 0xf4100000-0xf4100fff,0xf4101000-0xf4101fff irq 7 at device > 13.0 on pci0 > hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions > > This card doesn't do AES, however, just the older algorithms like DES. > > -- > -Chuck > >
On Jan 26, 2004, at 4:14 AM, Rumen Telbizov wrote:> I would like to know if anyone has installed one of those > Rainbow CryptoSwift PCI, SSL accelerators under FreeBSD?I'm using the HiFN 7951 from Soekris.com which performs crypto acceleration: hifn0 mem 0xf4100000-0xf4100fff,0xf4101000-0xf4101fff irq 7 at device 13.0 on pci0 hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions This card doesn't do AES, however, just the older algorithms like DES. -- -Chuck
On Mon, Jan 26, 2004 at 01:57:17PM -0500, Mike Tancsa wrote:> At 10:56 AM 26/01/2004, Rumen Telbizov wrote: > >I don't see anything related to RSA computations?! > >Do you see any real acceleration in the RSA operations > >while using this card or there is NO support for RSA in > >the crypto device ? > > Nope, no RSA support. >Wow ... wait a sec. You mean that there is NO RSA support in the /dev/crypto? If I get it right this means that there is virtually NO card (even with the fastest RSA) that I could use? Or at least not to accelerate the RSA computations because the kernel does not support the interface to the card for RSA? I am primarily interested in accelerating the SSL handshake and since I am using RSA key exchange (with 2048 bit keys) this means that I better forget about those cards at all? It is interesting that on the rainbow.com's site they say: (http://www.rainbow.com/products/cryptoswift/index.asp) Rainbow Technologies' Cryptoswift SSL Acceleration product line is unparalleled in its support of major operating systems and web servers such as: -Win2k -WinNT -Sun/Solaris -Linux -HP/UX -FreeBSD -BSDi -AIX -Microsoft IIS -Apache -iPlanet -Netscape -C2Net Stronghold -IBM What kind of support do they mean? Just symmetric chipers or what? Thank you for your reply Rumen Telbizov