Hello everyone, I've been a big fan of hardware crypto acceleration for some time. On x86 I especially like VIA Padlock (available in C3/C7 cpus):
http://www.logix.cz/michal/devel/padlock/ I've patched several apps using OpenSSL 0.9.7 to support padlock and the results really are pretty amazing. There are now patches available for OpenSSL 0.9.8 to init the hardware engine for any app compiled against the patched version of OpenSSL. Like the author says, no more patching apps for padlock! However for those of us stuck with OpenSSL 0.9.7 for the time being, where might I begin to look in the sources to patch SSL/TLS support in FreeSWITCH? 1) SIP-TLS 2) SRTP 3) Curl w/ HTTPS 4) What else? The other question (maybe the first question) is - what ciphers are typically negotiated for SRTP (where I expect most of the work to be)? All I've ever seen is AES_CM_128_HMAC_SHA1_32, which *should* do fairly well on cores that have hashing in hardware (Esther/C7). P.S. - I understand that for many configurations I can side step RTP handing all together, or simply pass it through FreeSWITCH. However, in many situations (SIP-TLS SRTP on handset -> SIP UDP RTP SIP provider) this isn't possible and FreeSWITCH would need to decrypt the incoming RTP stream/encrypt the outgoing stream (which works perfectly, btw). Thoughts? -- Kristian Kielhofner http://blog.krisk.org http://www.submityoursip.com http://www.astlinux.org http://www.star2star.com _______________________________________________ Freeswitch-users mailing list [email protected] http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
