Thanks a lot for your reply! >>> On 6/8/2011 at 09:42 PM, in message <20110608134254.ga6...@panix.com>, Thor Lancelot Simon <t...@panix.com> wrote: > On Tue, Jun 07, 2011 at 10:58:20PM -0600, Guan Jun He wrote: >> Hi, Openssl Developpers: >> >> We have a platform with cryptographic hardware,and we try to take > advantage >> of the platform's hardware cryptographic features.But openSSL compresses > data >> before the encryption, having a massive performance impact(throughput > decrease, >> CPU load increase) on platforms with cryptographic hardware. >> >> There are probably two methords to work-around it: >> * environment variable, the attached patch is written for this methord. >> it's produced against oepnssl version 0.9.8, it other versions also need > the >> patch,we are glad to submit it. >> * add an item to configure file openssl.cnf. >> >> What do you think about this? > > Again, I think this should be configured via an option on the SSL_CTX.
this does not help performance impact on platforms with cryptographic hardware. Do you think like this: * on the SSL_CTX, make decesion to check if the cryptographic hardware exist(I am not clear how to detect,and I guess this is not a good idea), if true,then trun off compression; if false, then everything keep the same as default. (advantage: auto detect, no need configure step; disadvantage: no freedom to choose; detect methords may be complex.) or * Just move the option to SSL_CTX, do not care using environment variable or other methords. (why) best, Guanjun > > Thor > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org