On Tue, 8 Jan 2008, Peter Stuge wrote:

>> I also splitted the patches so it will be clear what goes to where
>> and why.
>> Available for OpenSSH and Portable OpenSSH versions, and X.509
>> functionality.

> Cool! Have you made any research on pkcs#11 in OpenBSD? I asked
> around in #openbsd on freenode some time ago but noone there had
> heard any strong opinions either for or against it.
> OpenBSD has support for hardware crypto, but that's all in the kernel
> and I suppose applications all use whatever native API:s there are,
> which then may or may not be accelerated.
> Might be interesting to check out. OpenVPN supposedly can make use of
> the hw crypto acceleration. I don't know at all about the scope of
> OBSD hw crypto support. Perhaps a p11 wrapper for the OBSD native API
> would be useful.

IIRC, any application using OpenSSL with a supported encryption hardware
gains the performance boost under OpenBSD.

I know I did some research a few years ago and almost picked up a Soekris
with a VPN card. Just started considering how much CPU cycles my home
server uses and realized I wouldn't be happy with it.

- Ben
openssh-unix-dev mailing list