[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] HardwareAccel: Current proper use???

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] HardwareAccel: Current proper use???
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 3 Jan 2015 04:34:25 -0800
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 03 Jan 2015 07:34:58 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Wzo4y0tdtGouOjuSuUK3wyDj2hMD0Ra9Z9rVDhWoQEE=; b=uDCd+iu2GWqqlL5bbQTICZgOF06GcRLcJgSrwBb9WE5iHuYrtsJK+4uSNeagINvs0N Xvb7XlpN0AnBFIlpDHPNvpgetp0ZhcxR8TpnbKgopOpoq25FMoccttKvWuIqNhaO3SaS eLNONH3xlBcmQS42p4tHtXs49yuLMOOwRiw2t03K0S5jLlwK00wR9e9MSw1Leb6Ed0lu NAJTh26FaM1PWE8i5PTHk2/2ih+WxnqJNATPAHFoezmBwhrRcL8nxwWrRjW0VTgXrqjh nU5Q2z/Eb3uiU4d6hV8F0Xhvt9zmf4NOLI7OEZA+q+J5ndSsldxgh9wDyuN7gcbB9tm8 bROQ==
In-reply-to: <CAOmikWHB8yhfvHNh0ZW-d51zKbswZ_-6awgFvLR0dEB+OKvOBA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAOmikWHB8yhfvHNh0ZW-d51zKbswZ_-6awgFvLR0dEB+OKvOBA@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 1/3/15, usprey <usprey@xxxxxxxxx> wrote:
> Summary:
> The documentation is still somewhat vague on the best use of the
> "HardwareAccel" option.

you could submit a patch ;)

>> *HardwareAccel* *0*|*1*
>>
>> If non-zero, try to use built-in (static) crypto hardware acceleration
>> when available. (Default: 0)

in OpenSSL land, there are two types of crypto offload / hw engines:
 built-in (static), and dynamically loaded (dynamic).

the "HardwareAccel 1" option says to enable the built-in / static
engines.  you may have a patched OpenSSL that will automatically try
dynamic engines without explicitly attempting to load them by name (as
libengine.so dlopen'ed implementations).

> https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration
> claims
> no intervention is needed in regards of aes-ni accelaration, but I would
> like to add an explanation or source to this recommendation.

in some versions of OpenSSL, you will need to enable HardwareAccel
(but not use a dynamic engine - aesni is built-in / static).

you will need to consult the distribution of OpenSSL you are using to
be sure - it varies by version and pkg maintainers.

> Question_1:
> If my CPU supports and have loaded aesni_intel on linux with OpenSSL is
> 1.0.1.j-1, should I leave HardwareAccel off or explicitly enable it?

leave HardwareAccel 1, but do not bother with a dynamic named engine opt.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] [tor-relays] HardwareAccel: Current proper use???
  - From: usprey

References:
- [tor-talk] HardwareAccel: Current proper use???
  - From: usprey

Prev by Author: [tor-talk] please advise on renting a gigabit capable dedicated server
Next by Author: Re: [tor-talk] force apt-get & yum updates through tor? - don't use polipo
Previous by thread: [tor-talk] HardwareAccel: Current proper use???
Next by thread: Re: [tor-talk] [tor-relays] HardwareAccel: Current proper use???
Index(es):
- Author
- Thread