Hi Gurpreet,
On Oct 13, 2004, at 4:04 PM, Gurpreet Grewal wrote:
I am trying to use a security processor (BCM 5823 from BroadCom) for SSL processing. The whole objective is to make this security processor do the SSL processing for any HTTPS requests the Apache server recieves.
Apache uses OpenSSL for SSL processing, instead of doing this I want to be able to off load the SSL processing to the security processor. Any one who has worked on such a problem? Any help would be appreicated.
As Madhu points out, the Broadcom chip works as crypto offload engine behind OpenSSL. I doesn't take care of all SSL processing: if you want that you might want to look at Layer N Networks (http://www.layern.com/ disclaimer: I work there).
The hardware crypto engine in OpenSSL must be enabled programmatically. Unfortunately, support for the OpenSSL engine is not really mainstream yet in Apache 2.0. There is some code in HEAD (a.k.a. Apache 2.1), which is waiting for some build phase magic and more votes for a backport: see the Apache 2.0 STATUS file
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/STATUS? rev=1.751.2.1122&only_with_tag=APACHE_2_0_BRANCH&view=markup
(scroll down about 1/4 or search for SSL_EXPERIMENTAL_ENGINE).
The SSL_EXPERIMENTAL_ENGINE stuff is in Apache 2.0 today, but IIRC it doesn't actually work. You may need to use a CVS checkout of httpd-2.0 HEAD, but do tell us what you find.
S.
-- [EMAIL PROTECTED] http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
smime.p7s
Description: S/MIME cryptographic signature
