httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <san...@temme.net>
Subject Re: Apache with Security Processor - Interesting
Date Thu, 14 Oct 2004 04:20:17 GMT
Hi Gurpreet,

On Oct 13, 2004, at 4:04 PM, Gurpreet Grewal wrote:

> I am trying to use a security processor (BCM 5823 from BroadCom) for
> SSL processing. The whole objective is to make this security processor
> do the SSL processing for any HTTPS requests the Apache server
> recieves.
>
> Apache uses OpenSSL for SSL processing, instead of doing this I want
> to be able to off load the SSL processing to the security processor.
> Any one who has worked
> on such a problem? Any help would be appreicated.

As Madhu points out, the Broadcom chip works as crypto offload engine  
behind OpenSSL. I doesn't take care of all SSL processing: if you want  
that you might want to look at Layer N Networks (http://www.layern.com/  
disclaimer: I work there).

The hardware crypto engine in OpenSSL must be enabled programmatically.  
Unfortunately, support for the OpenSSL engine is not really mainstream  
yet in Apache 2.0. There is some code in HEAD (a.k.a. Apache 2.1),  
which is waiting for some build phase magic and more votes for a  
backport: see the Apache 2.0 STATUS file

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/STATUS? 
rev=1.751.2.1122&only_with_tag=APACHE_2_0_BRANCH&view=markup

(scroll down about 1/4 or search for 	SSL_EXPERIMENTAL_ENGINE).

The SSL_EXPERIMENTAL_ENGINE stuff is in Apache 2.0 today, but IIRC it  
doesn't actually work. You may need to use a CVS checkout of httpd-2.0  
HEAD, but do tell us what you find.

S.

-- 
sander@temme.net              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

Mime
View raw message