Solaris 10 5/09 What's New

SunSSH With OpenSSL PKCS#11 Engine Support

This feature enables the SunSSH server and client to use Solaris Cryptographic Framework through the OpenSSL PKCS#11 engine. SunSSH uses cryptographic framework for hardware crypto acceleration of symmetric crypto algorithms which is important to the data transfer speed. This feature is aimed at UltraSPARC® T2 processor platforms with n2cp(7D) crypto driver.

UltraSPARC T1 processor platforms are not affected by this feature since the ncp(7D) driver does not support symmetric crypto algorithms. Platforms without any hardware crypto plugins are not affected by this feature, regardless of the value set for the UseOpenSSLEngine option. The default value of the UseOpenSSLEngine option is set to on and the server and client SSH configuration files need not be updated.

SunSSH should be used with Sun Crypto Accelerator 6000 board software version 1.1 with the following patches installed:

Note –

No patch is available for the Sun Crypto Accelerator 6000 board software version 1.0. To workaround this issue, remove the AES counter modes from the Ciphers option keyword on both the server and the client side.

For more information, see the ssh_config(4) and sshd_config(4)