Hi,
We are currently producing an OpenSSL/mod_ssl/Apache solution that uses our
new h/w accelerator
card CSA8000. This card talks to the host using PKCS#11 interface and it
plugs-in to OpenSSL
via engine API. Currently it supports 0.9.6 version (in next few days we
will look
in 0.9.6a as well). Engine support is completely PKCS#11 based (it's not
h/w specific as other engines)
and should work with any cryptoki implementation. We tested it with
cryptoki for CSA7000, CSA8000
adapters and s/w based cryptoki. We don't have available any non-Eracom
cryptoki.
We got approval from management to opensource this patch for openssl if
there is an interest. It would
be great if we can catch the train for 0.9.7. How far is it?
I have few questions if we go further:
a) How much is engine API changed in 0.9.7. Will 0.9.6a port will work or
is demanding significant
change?
b) Does openssl development team have any means to test it with criptoki
implementation.
Because CSA8000 will be released in next few weeks it will be very hard to
get handle to one adapter.
We can maybe provide Eracom's s/w criptoki implementation for
openssl-development team.
c) Is it sufficient to give you a patch for 0.9.6a or we need to port it
on 0.9.7 shapshot first.
Cheers,
Zoran Radenkovic
ERACOM Products meeting today's security needs.
Visit our Website at: http://www.eracom.com.au
Or call ERACOM Pty. Ltd. on: +61 7 5593 4911
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
