I haven't tried replacing the entire SSL processing - but what I've definitely done successfully is to replace the crypto in OpenSSL. It works perfectly as long as you stick to the OpenSSL Engine conventions.
The only change I had to do in Apache was to enable loading of dynamic engines - load the 'dynamic' instead of 'engine_name' in ssl_engine_init() (if you use 'SSLCryptoDevice engine_name'). BTW, wouldn't it be better to load the 'dynamic' engine by default so that Apache can be configured to use *any* OpenSSL Engine and not just the default set of engine(s). Do you see any problems with that ? -Madhu On Wed, 13 Oct 2004 16:04:25 -0700, Gurpreet Grewal <[EMAIL PROTECTED]> wrote: > I am trying to use a security processor (BCM 5823 from BroadCom) for > SSL processing. The whole objective is to make this security processor > do the SSL processing for any HTTPS requests the Apache server > recieves. > > Apache uses OpenSSL for SSL processing, instead of doing this I want > to be able to off load the SSL processing to the security processor. > Any one who has worked > on such a problem? Any help would be appreicated. > > Thanks > Grewal >
