[tor-relays] Single IP multiple OR Ports
Andy Isaacson
adi at hexapodia.org
Tue Mar 4 21:05:38 UTC 2014
On Tue, Mar 04, 2014 at 01:00:15PM +0100, toxi roxi wrote:
> i know that link and thats what i have done to setup intel aesni
> acceleration - but it seems that this tweak is not available anymore on
> ubuntu 13.10 thats what i've meant.
As Moritz says, the *config* is removed, because aes-ni is no longer a
*separate* module, it's built in to core openssl.
> i found also some hints in google that this is no longer working now.
>
> this is in my startup log:
> Mar 04 11:54:24.000 [warn] Unable to load dynamic OpenSSL engine "aesni".
> Mar 04 11:54:24.000 [notice] Default OpenSSL engine for RSA is RSAX engine
> support [rsax]
> Mar 04 11:54:24.000 [warn] TLS error while generating certificate: could
> not load the shared library (in DSO support routines:DLFCN_LOAD:---)
> Mar 04 11:54:24.000 [warn] TLS error while generating certificate: could
> not load the shared library (in DSO support routines:DSO_load:---)
> Mar 04 11:54:24.000 [warn] TLS error while generating certificate: dso not
> found (in engine routines:DYNAMIC_LOAD:---)
> Mar 04 11:54:24.000 [warn] TLS error while generating certificate: no such
> engine (in engine routines:ENGINE_by_id:---)
>
>
> but as you can see aesni_intel is activated:
> lsmod | grep aes
> aesni_intel 55624 0
Note that the kernel module is not required for openssl, instead you
just need to verify that aes is in /proc/cpuinfo:
grep --color aes /proc/cpuinfo
(The aesni_intel kernel module gives you faster encrypted disks and
similar in-kernel cryptography systems. The "aes cpuflag" ensures that
the AES-NI instructions are available to applications.)
-andy
More information about the tor-relays
mailing list