Hi, since Nevada build 99, SunSSH will be able to make use of the HW 
acceleration through the OpenSSL PKCS#11 engine. The code will be available 
through the upcoming OpenSolaris 2008.11 release or when SXCE B99 is out. 
More details on the finished project, including some info on a S10 backport, 
are in the blog entry below.

        cheers, J.


MORE DETAILS
------------

This project allows both the SunSSH server and the client to use the 
Solaris Cryptographic Framework (CF) through the OpenSSL PKCS#11 engine. 
SunSSH now uses the CF for hardware crypto acceleration of symmetric crypto 
algorithms, which is crucial to the data transfer speed. The Niagara 2 platform 
with its n2cp(7d) crypto driver is the primary target here.

Note that Niagara 1 will not see any difference since its ncp(7d) driver 
does not support symmetric crypto algorithms. Platforms without any hardware 
crypto plugins are not affected by this change either, no matter how the new 
"UseOpenSSLEngine" option is set. The option is set "on" by default so there 
is no need to update users' or servers' SSH configuration files.

Tests show that on Niagara 2, the time of the data transfer in the default 
case drops to 35-40% of its previous value (2.5-3x speedup).

REFERENCES
----------

http://blogs.sun.com/janp/entry/sunssh_with_hw_crypto_support
http://www.opensolaris.org/os/community/arc/caselog/2008/520/
http://bugs.opensolaris.org/view_bug.do?bug_id=6445288

---
Jan Pechanec


