cryptodev is not needed for TCP_SIGNATURE...
Comment that cryptodev shouldn't be used unless you know what you're doing... The various arm/mips and one powerpc configs that have cryptodev in them need to be addressed, audited if they provide benefit and removed if they don't...
This commit is contained in:
John-Mark Gurney
parent
0c40f3532d
commit
b65946c631
@ -997,8 +997,7 @@ options ACCEPT_FILTER_HTTP
|
||||
# carried in TCP option 19. This option is commonly used to protect
|
||||
# TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
|
||||
# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
|
||||
# This requires the use of 'device crypto', 'options IPSEC'
|
||||
# or 'device cryptodev'.
|
||||
# This requires the use of 'device crypto' and 'options IPSEC'.
|
||||
options TCP_SIGNATURE #include support for RFC 2385
|
||||
|
||||
# DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL
|
||||
@ -2817,6 +2816,10 @@ options DCONS_FORCE_GDB=1 # force to be the gdb device
|
||||
# been fed back to OpenBSD.
|
||||
|
||||
device crypto # core crypto support
|
||||
|
||||
# Only install the cryptodev device if you are running tests, or know
|
||||
# specificly why you need it. Most cases, it is not needed and will
|
||||
# make things slower.
|
||||
device cryptodev # /dev/crypto for access to h/w
|
||||
|
||||
device rndtest # FIPS 140-2 entropy tester
|
||||
|
||||
Loading…
Reference in New Issue
Block a user