Starting with Oracle Solaris 11.2, T4 instructions and Intel hardware acceleration are embedded in the OpenSSL internal crypto implementation for non-FIPS-140 OpenSSL. This change affects the performance of ssh, sshd, and Apache because these services use the OpenSSL pkcs11 engine by default on T4 systems and later versions.
Workaround: To obtain maximum performance, disable the OpenSSL pkcs11 engine.
Perform the following steps to disable the pkcs11 engine for ssh and sshd services:
Add the following line to the /etc/ssh/ssh_config and /etc/ssh/sshd_config files:
UseOpenSSLEngine no
Restart the ssh service.
# svcadm restart ssh
Perform the following steps to disable the pkcs11 engine for the apache22 service:
Comment out the following line in the /etc/apache2/2.2/conf.d/ssl.conf file:
# SSLCryptoDevice pkcs11
Restart the apache22 service.
# svcadm restart apache22