Thursday, December 23, 2010

Overview

Some Solaris 10 machines support hardware SSL. These include those with the UltraSPARC T1 and UltraSPARC T2 chips, which are sometimes referred to as niagara1 and niagara2.

The official documentation for this starts at Using the UltraSPARC cryptographic accelerators.

Default installations of Solaris on these machines will include a version of OpenSSL that works with the hardware. This is the one in /usr/sfw/bin.

To compile Apache against this one, add the configure option "--with-ssl=/usr/sfw".

Asking this binary for its version shows something like:

# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077 CVE-2009-0590)

So Solaris starts with the 0.9.7d version and patches various CVEs.
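
Because the fixes are backported, the base version number alone says little about which issues are patched; the CVE list in the banner does. The script below is an added example, not part of the original post: it parses a banner in the format shown above and reports which CVE ids from a list are not named in it. The function names and the CVE-0000-0000 placeholder are made up for illustration.

```sh
#!/bin/sh
# Constructed sample input: the banner text quoted in the post.
SAMPLE_BANNER='OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077 CVE-2009-0590)'

# Print the upstream base version (second field of the banner).
base_version() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Print one backported CVE id per line.
# Spaces and parentheses become newlines, then only CVE-shaped tokens are kept.
backported_cves() {
    printf '%s\n' "$1" | tr -s ' ()' '\012\012\012' |
        grep '^CVE-[0-9][0-9]*-[0-9][0-9]*$'
}

# has_fix BANNER CVE-ID: exit status 0 if the banner names that CVE.
has_fix() {
    backported_cves "$1" | grep "^$2\$" >/dev/null
}

# missing_fixes BANNER CVE-ID...: print each id the banner does not name.
missing_fixes() {
    _b=$1
    shift
    for _cve in "$@"; do
        has_fix "$_b" "$_cve" || printf '%s\n' "$_cve"
    done
}

# On a real host, set OPENSSL_BANNER="$(/usr/sfw/bin/openssl version)";
# without it the constructed sample is used so the script runs anywhere.
banner=${OPENSSL_BANNER:-$SAMPLE_BANNER}
echo "base version:     $(base_version "$banner")"
echo "backported fixes: $(backported_cves "$banner" | wc -l | tr -d ' ')"
# CVE-0000-0000 is a placeholder id standing in for a fix that is not listed.
echo "not listed:       $(missing_fixes "$banner" CVE-2009-0590 CVE-0000-0000)"
```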

Next -> how do we know if we're using the crypto accelerators?
