Hi all,
We are using STunnel v.3.x and STunnel v.4.x on different systems (Application Servers and DB Servers, on HP and Sun mainframe hardware).
We have noticed that the STunnel load is quite heavy for the CPUs of each Server. So, we are beginning to study and analyze a solution that allows we to use STunnel without generate overhead on the CPUs.
A good solution could be using a SSL Accelerator card as "SSL engine", in order to offloading the calls to the card CPU.
We have also read the following topic in your mailing-list regarding a solutions similar to ours: List: stunnel-users Subject: SSL Accelerator supporto for Stunnel
Can you suggest us a list of "SSL Accelerator card" model (and vendor) to install and configure with STunnel?
Anyway, do you suggest us to upgrade the STunnel version to the last stable on each Server?
Thanks in advance for the support.
Awaiting for your kind feedback and suggestions.
Best Regards. Dom
*********** Scopri la nuova Alice Mail! http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer 1 GB di spazio con antivirus, antispam e fino a 2 GB di allegati. http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer Registrati GRATIS http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer
On Mon, 15 Oct 2007, domstra@alice.it wrote:
Can you suggest us a list of "SSL Accelerator card" model (and vendor) to install and configure with STunnel?
Anyway, do you suggest us to upgrade the STunnel version to the last stable on each Server?
I'd say always use the latest stable version, as there are bug fixes.
As for cards, it isn't stunnel, but rather openssl that provides the support. Here's a web page of all sorts of information on it:
http://www.kegel.com/ssl/hw.html
Peace, Gary
********* ***** ** Gary Coulbourne *************************.* Bear Activist ****** *********** ** *******o ******* ********* **** ****`- Systems Administrator ******* ********* ***** http://www.bears.org ****** ********** **** bear@bears.org ## ***** ***** ## **** KB3INA ### ***** ### **** Animal Conservation/Preservation #,,, ***,,, ##,,, **,,,
Thank you Gary!
I visited the web page you suggested me (http://www.kegel.com/ssl/hw.html) and I could read several interesting informations. Unfortunately, some of this informations are obsolete, anyway, I would evaluate the "nChiper nForce" card with STunnel.
Do you know if is possible to configure STunnel in order to use the "engine" of nChiper nForce" card? If it is, could you provide me a configuration example regarding the using of STunnel with nChiper nForce" card?
Thanks a lot! Dom
________________________________
Da: bear@bears.org [mailto:bear@bears.org] Inviato: lun 15/10/2007 13.52 A: domstra@alice.it Cc: stunnel-users@mirt.net Oggetto: Re: [stunnel-users] SSL Accelerator card and Stunnel
On Mon, 15 Oct 2007, domstra@alice.it wrote:
Can you suggest us a list of "SSL Accelerator card" model (and vendor) to install and configure with STunnel?
Anyway, do you suggest us to upgrade the STunnel version to the last stable on each Server?
I'd say always use the latest stable version, as there are bug fixes.
As for cards, it isn't stunnel, but rather openssl that provides the support. Here's a web page of all sorts of information on it:
http://www.kegel.com/ssl/hw.html
Peace, Gary
********* ***** ** Gary Coulbourne *************************.* Bear Activist ****** *********** ** *******o ******* ********* **** ****`- Systems Administrator ******* ********* ***** http://www.bears.org http://www.bears.org/ ****** ********** **** bear@bears.org ## ***** ***** ## **** KB3INA ### ***** ### **** Animal Conservation/Preservation #,,, ***,,, ##,,, **,,,
*********** Scopri la nuova Alice Mail! http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer 1 GB di spazio con antivirus, antispam e fino a 2 GB di allegati. http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer Registrati GRATIS http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer
On Mon, 15 Oct 2007, domstra@alice.it wrote:
Do you know if is possible to configure STunnel in order to use the "engine" of nChiper nForce" card? If it is, could you provide me a configuration example regarding the using of STunnel with nChiper nForce" card?
I have not used any of the cypher engines myself. I've investigated using the VIA chipset for it, but haven't implemented it. I would suggest you ask around in the OpenSSL mailing lists, since it is OpenSSL and not stunnel which provides for the hardware support.
Peace, Gary
********* ***** ** Gary Coulbourne *************************.* Bear Activist ****** *********** ** *******o ******* ********* **** ****`- Systems Administrator ******* ********* ***** http://www.bears.org ****** ********** **** bear@bears.org ## ***** ***** ## **** KB3INA ### ***** ### **** Animal Conservation/Preservation #,,, ***,,, ##,,, **,,,
Thank you Gary, for your suggestion.
Actually, what I really need, it's a similar setup that Jay W. Reffner has reached with the technical indications of M.Trojnara. Following, the link regarding the topic of Jay W. Reffner I said before: http://marc.info/?l=stunnel-users&m=104434871412701&w=2
Unfortunately, I have to find a "SSL Accelerator card" that support OpenSSL and configure STunnel to use this card.
Please, help me. :)
Best Regards. Dom
________________________________
Da: bear@bears.org [mailto:bear@bears.org] Inviato: lun 15/10/2007 17.17 A: domstra@alice.it Cc: stunnel-users@mirt.net Oggetto: Re: R: [stunnel-users] SSL Accelerator card and Stunnel
On Mon, 15 Oct 2007, domstra@alice.it wrote:
Do you know if is possible to configure STunnel in order to use the "engine" of nChiper nForce" card? If it is, could you provide me a configuration example regarding the using of STunnel with nChiper nForce" card?
I have not used any of the cypher engines myself. I've investigated using the VIA chipset for it, but haven't implemented it. I would suggest you ask around in the OpenSSL mailing lists, since it is OpenSSL and not stunnel which provides for the hardware support.
Peace, Gary
********* ***** ** Gary Coulbourne *************************.* Bear Activist ****** *********** ** *******o ******* ********* **** ****`- Systems Administrator ******* ********* ***** http://www.bears.org http://www.bears.org/ ****** ********** **** bear@bears.org ## ***** ***** ## **** KB3INA ### ***** ### **** Animal Conservation/Preservation #,,, ***,,, ##,,, **,,,
*********** Scopri la nuova Alice Mail! http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer 1 GB di spazio con antivirus, antispam e fino a 2 GB di allegati. http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer Registrati GRATIS http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer
Hi all,
Please, can you help me about the needs described in the mail below?
I need a solution asap, I have to take a critical decision in few days.
Thank you in advance for the support!
Best Regards. Dom
________________________________
Da: domstra@alice.it Inviato: lun 15/10/2007 18.11 A: stunnel-users@mirt.net Cc: bear@bears.org Oggetto: R: R: [stunnel-users] SSL Accelerator card and Stunnel
Thank you Gary, for your suggestion.
Actually, what I really need, it's a similar setup that Jay W. Reffner has reached with the technical indications of M.Trojnara. Following, the link regarding the topic of Jay W. Reffner I said before: http://marc.info/?l=stunnel-users&m=104434871412701&w=2
Unfortunately, I have to find a "SSL Accelerator card" that support OpenSSL and configure STunnel to use this card.
Please, help me. :)
Best Regards. Dom
________________________________
Da: bear@bears.org [mailto:bear@bears.org] Inviato: lun 15/10/2007 17.17 A: domstra@alice.it Cc: stunnel-users@mirt.net Oggetto: Re: R: [stunnel-users] SSL Accelerator card and Stunnel
On Mon, 15 Oct 2007, domstra@alice.it wrote:
Do you know if is possible to configure STunnel in order to use the "engine" of nChiper nForce" card? If it is, could you provide me a configuration example regarding the using of STunnel with nChiper nForce" card?
I have not used any of the cypher engines myself. I've investigated using the VIA chipset for it, but haven't implemented it. I would suggest you ask around in the OpenSSL mailing lists, since it is OpenSSL and not stunnel which provides for the hardware support.
Peace, Gary
********* ***** ** Gary Coulbourne *************************.* Bear Activist ****** *********** ** *******o ******* ********* **** ****`- Systems Administrator ******* ********* ***** http://www.bears.org http://www.bears.org/ ****** ********** **** bear@bears.org ## ***** ***** ## **** KB3INA ### ***** ### **** Animal Conservation/Preservation #,,, ***,,, ##,,, **,,,
*********** Scopri la nuova Alice Mail! http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer 1 GB di spazio con antivirus, antispam e fino a 2 GB di allegati. http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer Registrati GRATIS http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer *********** Scopri la nuova Alice Mail! http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer 1 GB di spazio con antivirus, antispam e fino a 2 GB di allegati. http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer Registrati GRATIS http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer
domstra@alice.it writes:
Please, can you help me about the needs described in the mail below? [ ... ] Unfortunately, I have to find a "SSL Accelerator card" that support OpenSSL and configure STunnel to use this card.
As someone else already said, configuring the use of such a card is not done by stunnel, but by openssl, so you'll find better answers in an openssl mailing list.
Thank you Rodrigo for your answer!
Yes, I understood what you said about OpenSSL. Anyway, I'd like to know if there is someone that could suggest me a "SSL Accelerator card", in sense of product, in order to get directly a good solutions for my needs
Kind Regards. Dom
________________________________
Da: Luis Rodrigo Gallardo Cruz [mailto:rodrigo@nul-unu.com] Inviato: mar 16/10/2007 14.48 A: domstra@alice.it Cc: stunnel-users@mirt.net Oggetto: Re: [stunnel-users] R: R: SSL Accelerator card and Stunnel
domstra@alice.it writes:
Please, can you help me about the needs described in the mail below? [ ... ] Unfortunately, I have to find a "SSL Accelerator card" that support OpenSSL and configure STunnel to use this card.
As someone else already said, configuring the use of such a card is not done by stunnel, but by openssl, so you'll find better answers in an openssl mailing list.
*********** Scopri la nuova Alice Mail! http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer 1 GB di spazio con antivirus, antispam e fino a 2 GB di allegati. http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer Registrati GRATIS http://registra.rossoalice.alice.it/registra/basic/entratabasic.do?entryPoint=footer
At almost 2007-10-16 15:57 +0200, domstra@alice.it extemporized:
Yes, I understood what you said about OpenSSL. Anyway, I'd like to know if there is someone that could suggest me a "SSL Accelerator card", in sense of product, in order to get directly a good solutions for my needs
Same answer. Ask on the OpenSSL list.
I need a solution asap, I have to take a critical decision in few days.
I'd politely suggest that you need to push back your decision if you are just starting to research this question.
-
bear@bears.org -
Brian Hatch -
domstra@alice.it -
Luis Rodrigo Gallardo Cruz