Hi Grant,

On 03/15/2017 12:46 PM, Emeric Brun wrote:
> Hi Grant,
>
> On 03/15/2017 12:05 PM, Emeric Brun wrote:
>> Hi Grant,
>>
>> On 02/04/2017 12:55 AM, Grant Zhang wrote:
>>> This patch set adds the basic support for OpenSSL crypto engine and
>>> async mode.
>>>
>>> Changes since V2:
>>> - support keyword "algo"
>>> - ensure SSL engines are initialized before loading certs.
>>> - limit one async fd per SSL connection
>>> - better integrate with event cache
>>>
>>> Changes since V1:
>>> - add multiple engine support
>>> - allow default algorithms to be specified for an engine
>>> - remove the support for engine identifier "all" since (a) it is not
>>>   possible to specify default algorithms for all engine and (b) "all"
>>>   makes it hard to figure out what engine does what crypto algorithms.
>>> - address Willy's other comments.
>>>
>>
>
> Another issue:
>
> I'm using that configuration:
>
> global
>     ssl-engine qat algo RSA
>     ssl-async
>     tune.ssl.default-dh-param 2048
>
> listen ss
>     mode tcp
>     bind 0.0.0.0:8080
>     server ssl 127.0.0.1:8443 ssl no-ssl-reuse verify none
>
> listen gg
>     mode http
>     bind 0.0.0.0:8443 ssl crt /root/2048.pem
>     redirect location /
>
> Unable to perform a clear request through 8080. There is no issue if I
> disable the engine or if I request directly in ssl on 8443.
>
> R,
> Emeric
>
There are some inconsistencies between the engine and the used client:

here the conf:

global
    tune.ssl.default-dh-param 2048
    ssl-engine qat
    ssl-async

listen gg
    mode http
    bind 0.0.0.0:8443 ssl crt /root/2048.pem
    redirect location /

openssl s_client -connect performs well but curl failed:

emeric@ebr-laptop:~/inject$ curl -k https://10.0.0.109:8443/
curl: (35) gnutls_handshake() failed: Bad record MAC

If I comment the ssl-engine line, no more issue.

R,
Emeric

the conf: