|
|||
VIA Padlock
Well, I guess I was succesful relocating my small home server to openbsd, the board (Epia MII12000) has AES hw accel using padlock, and basically runs a nginx, php-fpm, mysql stack for some personal webservers, ssh server for outside access, exim for a few emails, netbsd-iscsi for backups, minidlna to stream music and video, a 2mbit/s gogoc tunnel for ip6. So far everything ok, it is probably faster than it was before, except sftp and scp file transfers are a lot slower than before, also nginx uses a lot more CPU than before transferring large files.
I have read that openbsd is bringing some innovation to openssl but I did not follow what is going on .... The openssl padlock engine is disabled, even if a comment in /usr/src/lib/libssl/crypto/Makefile: Code:
CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this? openssl speed -evp shows that padlock instructions are used by evp functions, but are nginx, exim and ssh using them? openssl speed -engine cryptodev instead is ~5/6 times slower, probably not using padlock. Code:
# openssl speed aes-192-cbc type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-192 cbc 4832.23k 5069.21k 5150.03k 12997.93k 13014.90k # openssl speed -evp aes-192-cbc type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-192-cbc 26500.36k 99317.35k 268582.62k 464052.28k 589470.85k # openssl speed -engine cryptodev aes-192-cbc type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-192 cbc 4778.00k 5014.26k 5122.80k 12946.75k 13032.20k # Will nginx use padlock? should I set ssl_engine cryptodev; or not?. Last edited by ermanno; 16th July 2014 at 12:50 PM. |
|
|