Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Hardware-accelerated IPsec, anyone?



> OpenSSL is the largest part of the problem: the OpenSSL team is
> basically hostile to any attempts to even discuss fixing their
> accelleration abstractions in a way which would make it possible to
> use record ops or even accelerators which support HMAC directly!

Maybe it's heretical of me, but this sounds to me as though we should
be at least thinking about putting time and effort into finding ways to
dump OpenSSL, then, rather than finding ways to work around it.

FSVO "we" and "should", of course, this being an almost entirely
volunteer project.  (I can't help all that much; I don't have an
OpenSSL replacement to offer.  Closest I have is an ssh implementation
that does not use OpenSSL at all.  Could be a first step.  Maybe.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Home | Main Index | Thread Index | Old Index