|
|
On Thu, 3 Mar 2005, Martijn Lievaart wrote: > Eugen Leitl said: > > On Thu, Mar 03, 2005 at 11:38:50AM +0100, Martijn Lievaart wrote: > >> Jamie Lokier wrote: > >> > >> >I've read that the VIA CPUs have instructions which help implementing > >> >symmetric crypto like AES, but are not much use for asymmetric > >> >public-key crypto such as the slowest part of certificate verification, > >> >and session key generation. > >> > >> True, AFAIK. > > > > True, currently. Does this bite for OpenVPN with static keys, too, though? > > > [ snip ] > > > > in a VServer-customer, and force AES-256 a cipher, will lack of RSA > > acceleration be an issue at all? > > I cannot comment on this. Anyone else? I *think* it will work OK (that is > all accelerated). In general, crypto accelerators focus on symmetric encryption (AES or Triple-DES), secure hashes (SHA-x), and random number generation. This will accelerate the encrypted "conversation" that occurs after initial authentication, but not necessarily the authentication process itself. OpenVPN can take advantage of all of these features in both SSL/TLS and static key mode, as long as the crypto accelerator is supported by OpenSSL (OpenSSL has a plugin capability where drivers for different crypto accelerators can be supplied as shared objects). You can use the OpenVPN --engine directive to choose a crypto accelerator or --show-engines to see a list. > My servers cost much less than E600, but then I have to pay for them > myself. Still, as long as you don't have hunderds of users (I have 5) you > can provide professional quality service. Only the Internet link will > remain a SPOF, the rest will be redundant before long. Speaking of redundancy in the internet connection, the new multi-homed patch for 2.0 that was discussed recently on the list will let you do something like host two redundant OpenVPN servers, and have each server be multihomed to two separate ISPs. That would eliminate both the OpenVPN server machine and the internet connection from the set of server-side SPOFs. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-03/msg00075.html on line 229 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-03/msg00075.html on line 229 |