Project

General

Profile

Bug #3125

hifn on 2.1 breaks certain ciphers w/openssl

Added by Chris Buechler about 6 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Category:
Operating System
Target version:
-
Start date:
08/02/2013
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

Need to gather some more details, but it appears having a hifn card in a 2.1 system completely breaks openssl. At least ACB doesn't function on 2.1 amd64 with a hifn card because of SSL failure that doesn't happen without the hifn. The Soekris VPN1411 specifically though it's probably not specific to that particular model. I have a couple of those here, will test when time permits to gather more info.

History

#1 Updated by Jim Pingle about 6 years ago

Probably not broken in general (or the GUI wouldn't work, nor would ssh) but it does have issues with some ciphers, as I found when adding the BEAST mitigation options.

See 30adceda1fffe160d18bdcbcaccb0da5de000fdf

If the server to which it connects had that set, I could see it failing.

#2 Updated by Chris Buechler about 6 years ago

  • Subject changed from hifn on 2.1 breaks openssl to hifn on 2.1 breaks certain ciphers w/openssl

#3 Updated by Chris Buechler about 6 years ago

  • Target version changed from 2.1 to 2.2

not really anything we can do here. will revisit.

#4 Updated by Jim Pingle over 5 years ago

Testing this on 2.2 I am still unable to set lighttpd to use BEAST protection. I receive the same error as before, indicating a problem with the encryption. ACB does work on the same 2.2 installation, however, something else may have changed server side since the last test.

#5 Updated by Chris Buechler over 5 years ago

Confirmed same on an ALIX with:

hifn0 mem 0xe00c0000-0xe00c0fff,0xe0100000-0xe0101fff,0xe0140000-0xe0147fff irq 9 at device 12.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>

#6 Updated by Jim Thompson over 5 years ago

  • Target version changed from 2.2 to Future

I'm not sure this is a bug we should attempt to fix in 2.2. Marked as 'future'.

#7 Updated by Jim Thompson over 3 years ago

  • Assignee set to Chris Buechler

not sure that we shouldn't just close this. Assigned to cmb.

#8 Updated by Chris Buechler over 3 years ago

  • Status changed from New to Closed
  • Target version deleted (Future)
  • Affected Version deleted (2.1)

not sure this is still an issue. if it is and anyone cares, report upstream to FreeBSD.

Also available in: Atom PDF