[tor-talk] [tor-relays] HardwareAccel: Current proper use???

usprey usprey at gmail.com
Sat Jan 3 13:35:28 UTC 2015


On 3 January 2015 at 13:34, coderman <coderman at gmail.com> wrote:
> On 1/3/15, usprey <usprey at gmail.com> wrote:
>> Summary:
>> The documentation is still somewhat vague on the best use of the
>> "HardwareAccel" option.
>
>
> you could submit a patch ;)
>

I will be glad to, but will have to know what to write first. =)

>
>
>>> *HardwareAccel* *0*|*1*
>>>
>>> If non-zero, try to use built-in (static) crypto hardware acceleration
>>> when available. (Default: 0)
>
> in OpenSSL land, there are two types of crypto offload / hw engines:
>  built-in (static), and dynamically loaded (dynamic).
>
> the "HardwareAccel 1" option says to enable the built-in / static
> engines.  you may have a patched OpenSSL that will automatically try
> dynamic engines without explicitly attempting to load them by name (as
> libengine.so dlopen'ed implementations).
>
>
>
>> https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration
>> claims
>> no intervention is needed in regards of aes-ni accelaration, but I would
>> like to add an explanation or source to this recommendation.
>
> in some versions of OpenSSL, you will need to enable HardwareAccel
> (but not use a dynamic engine - aesni is built-in / static).
>
> you will need to consult the distribution of OpenSSL you are using to
> be sure - it varies by version and pkg maintainers.
>

ty, will research further.

>
>
>> Question_1:
>> If my CPU supports and have loaded aesni_intel on linux with OpenSSL is
>> 1.0.1.j-1, should I leave HardwareAccel off or explicitly enable it?
>
> leave HardwareAccel 1, but do not bother with a dynamic named engine opt.

k, ty very much sir! =)

> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


More information about the tor-talk mailing list