I think you're missing the point that software support exists; pfSense
supports software AES *now*, and this is being removed. New technology
is cool; things not working anymore is not.

Anyway, what are are other projects such as the TLS libraries doing
about this? Is hardware acceleration really the only solution?

On 02/15/2018 01:39 PM, Walter Parker wrote:
> Well, both Intel and AMD starting shipping the AES-NI instructions 8 years
> ago...
>
> How long does a project need to wait before it can require a feature found
> on all major x64 processors? Waiting 8-9 years seems reasonable to me.
>
> Given the fact that the project is only supporting 64-bit and suggests
> using a modern processor this requirement should be a non issue for most
> users.
>
> The only place where the AES-NI instructions are not found is in a small
> number of embedded/dev boards using older Celeron processors.
>
>
> Walter
>
> On Thu, Feb 15, 2018 at 9:37 AM, Kyle Marek <pspps...@gmail.com> wrote:
>
>> This is silly. I shouldn't have to replace my hardware to support a
>> feature I will not use...
>>
>> I shame Netgate for such an artificial limitation...
>>
>> Thank you for the information.
>>
>> On 02/15/2018 12:20 PM, Eero Volotinen wrote:
>>> Well:
>>>
>>> https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html so we are
>> talking
>>> about 2.5 not 3.x ?
>>>
>>> "While we’re not revealing the extent of our plans, we do want to give
>>> early notice that, in order to support the increased cryptographic loads
>>> that we see as part of pfSense verison 2.5, pfSense Community Edition
>>> version 2.5 will include a requirement that the CPU supports AES-NI. On
>>> ARM-based systems, the additional load from AES operations will be
>>> offloaded to on-die cryptographic accelerators, such as the one found on
>>> our SG-1000 <https://www.netgate.com/products/sg-1000.html>. ARM v8 CPUs
>>> include instructions like AES-NI
>>> <https://www.arm.com/files/downloads/ARMv8_Architecture.pdf> that can be
>>> used to increase performance of the AES algorithm on these platforms."
>>>
>>>
>>> Eero
>>>
>>> On Thu, Feb 15, 2018 at 7:18 PM, Edwin Pers <ep...@ansencorp.com> wrote:
>>>
>>>> I believe I read somewhere that the new version that requires aes-ni
>> will
>>>> be 3.x, and they plan to continue the 2.x line alongside it, as 3.x
>> will be
>>>> a major rewrite
>>>>
>>>>
>>>> -Ed
>>>>
>>>> -----Original Message-----
>>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>>>> Volotinen
>>>> Sent: Thursday, February 15, 2018 12:14 PM
>>>> To: Kyle Marek <pspps...@gmail.com>
>>>> Cc: pfSense Support and Discussion Mailing List <list@lists.pfsense.org
>>>> Subject: Re: [pfSense] Configs or hardware?
>>>>
>>>> Well. Next version of pfsense (2.5) will not install into hardware that
>>>> does not support AES-NI, so buying such hardware is not wise ?
>>>>
>>>> Eero
>>>>
>>>>
>>>> _______________________________________________
>>>> pfSense mailing list
>>>> https://lists.pfsense.org/mailman/listinfo/list
>>>> Support the project with Gold! https://pfsense.org/gold
>>>>
>>> _______________________________________________
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Reply via email to