Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-68

Document potential SSL crypto hardware acceleration issues on Niagara machines such as T2000

    XMLWordPrintable

    Details

    • Task
    • Status: Done
    • Major
    • Resolution: Fixed
    • 2.4.0
    • 2.6.0
    • security
    • None

      Description

      We should document in our doc/FAQ that T2000 hardware acceleration of cyrpto used during SSL negotiation is very poor (worse than software). There are two steps to the workaround:

      1) Add more request handlers to the LDAP(S) connection handlers (note that I include LDAP as well since it SSL negotiation will be performed for StartTLS as well)

      2) Disable hardware acceleration for the directory server's JVM. Remove SunPKCS11 security provider from jre/lib/security/java.security.

      This may also be an issue for SASL authentication as well.

        Attachments

          Activity

            People

            Mark Mark Craig
            matthew Matthew Swift
            Mark Craig Mark Craig
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: