On Tue, Jan 02, 2007 at 01:43:14PM -0500, John Ioannidis wrote: > There is too much conflicting information out there. Can someone > please recommend an SSL accelerator board that they have personally > tested and used, that works with the 2.6.* kernels and the current > release of OpenSSL, and is actually an *accelerator* (I've used a > board from a certain otherwise famous manufacturer that acted as a > decelerator...). I only need this for SSL, not for IPsec. >
I don't have any experience with any hardware in this space, but you should be clear about one thing: - Are you trying to accelerate symmetric bulk crypto of the SSL payload, or the PKI operations in a cold SSL handshake? Depending on the application and load, and given a suitable SSL session cache, the PKI load may be negligible. For example, traffic between two fixed MTAs with caches on both sides only does one SSL handshake per cache TTL and then just bulk crypto for many deliveries that reuse the cached SSL session. So what is your load like? -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]