OpenSSL hardware crypto engine functionality is not available

bchan · Dec 2, 2023, 4:29 AM

I just upgraded to CE 2.7.1. When I looked at the log of OpenVPN I found the captioned message.
In the System/Advanced/Misc setting, I have "Cryptographic Hardware" set to "AES-NI CPU based acceleration". This worked perfectly in the past.
I am using these ciphers:
AES-128-GCM
AES-128-CBC

Am I missing something in the setting in CE 2.71?
How can I turn on hardware acceleration again?

Thanks in advance for any advice and insights.

tinfoilmatt · Dec 2, 2023, 4:22 PM

@bchan reboot.

bchan · Dec 4, 2023, 7:39 AM

@cyberconsultants The upgrade already triggered a reboot and I have not changed any setting. Why another reboot will solve the problem?

On the other hand, I read somewhere that CPU AES-NI is considered "kernal" now in openssl. Perhaps that is the reason why it is not longer needed in OPENVPN configuration.
I have measured both the upload and download speed and noticed no degradation even with the warning message.

tinfoilmatt · Dec 4, 2023, 4:28 PM

@bchan you could review kernel initialization by running...

sysctl -a

...if you want to review what might not have 'come up' properly. a subsequent reboot could then affirm or disaffirm any findings.