Sun Crypto 6000 accerlator card

Similar Messages

• Enabling kssl in case of sun crypto 6000 card failure.

  Can anyone provide me with some documentation that how exactly kssl is supposed to work.
  I am using a sun crypto 6000 accerlator card and want to enable the kernel level SSL in case of the card failover.
  Can anyone please let me know if this possible and if so, how.
  Regards
  Manik gupta

  Just for your info and hope it helps...
  Jan 23 12:33:52 shark01 snmpXdmid: [ID 216524 daemon.error] Registration with DMI failed. err = 831.
  Jan 23 12:33:52 shark01 syslogd: /dev/sysmsg: I/O error
  Jan 23 12:37:11 shark01 ebus: [ID 521012 kern.info] su1 at ebus0: offset 0,2e8
  Jan 23 12:37:11 shark01 genunix: [ID 936769 kern.info] su1 is /pci@1f,0/isa@7/serial@0,2e8
  =====================================
  Jan 23 12:33:52 shark01 syslogd: /dev/sysmsg: I/O error
  <-------- Got an I/O error here. And Syslogd is the daemon running the syslog to write logs on /var filesystem. Could be some problem in your /var filesystem.
  ======================================
  Jan 23 12:37:11 shark01 genunix: [ID 936769 kern.info] su1 is /pci@1f,0/isa@7/serial@0,2e8
  <------- this is pointing to your TTYB or serial port B. You may something connected there that is having a problem.
  =====================================
  Are you using a SYSLOG server ?
  Edited by: Noel.del@Rosario on Feb 20, 2008 4:24 AM

• Sun Crypto 1000 and Solaris 10

  hi,
  I have some "Sun Crypto Accelerator 1000" cards.
  Is it possible to run it on Solaris 10 w/ Web servers 6 or 7 ???
  --mpech                                                                                                                                                                                                                                                               

  Sun PCI 3 runs fine with Solaris 10 - running on SB2500 with PCI3. Running Win2K and RH Linux.
  I cannot recall any problem with the exception that the driver files were not there for solaris 10. Resolved by the following (google news groups for SunPCI and Solaris 10).
  1) install the SunPCI software
  2) Create the following links with the "ln -s" command(as root) for solaris 10.
  lrwxrwxrwx 1 root root 13 Mar 8 2005 sunpcidrv.2100 ->
  sunpcidrv.290*
  lrwxrwxrwx 1 root root 16 Mar 8 2005 sunpcidrv.2100.64
  -> sunpcidrv.290.64*
  The links are in /opt/SUNWspci3/drivers/solaris directory. My existing SUNPCI3 PC+Linux file systems moved over from Solaris 9 with no issues when starting up with Solaris 10.
  As for upgrading to Solaris 10 from 9, 10 seems to have a bigger filesystem space requirement. I re-partioned my disks with a larger root partion and did a clean install rather than perform the upgrade.
  Also note on the Solaris 10 upgrade you need to get to grips with the new SMF. A man of inetconv(1M) will get you going and there is lots of help on the news groups.
  Best of Luck.
  Jon.

• Sun Crypto Accelerator 6000 Card

  Hi,
  We are in the process of evaluating a SSL acclerator card and I am eyeing on the SCA 6000 PCI card since majority of our servers are Sun Sparc. As I ran down through the product overviews I noticed that it has a limited number for supported hardware platforms. Please bear with me for I am new to this stuff. Does this mean that SCA 6000 card doesn't have to be installed on each existing webserver that does the usual SSL handshaking? Or can we say that we can put up a dedicated SSL accelerator server with the SCA 6000 installed in it and do the SSL operation in behalf of the webservers?
  Thanks in advance!

  I found a patch, sized 32 mb with unknown contents (i've been trying to download it for a while now, but no progress).
  Here is a link to the patch (named 10264428).
  https://support.oracle.com/CSP/ui/flash.html#tab=PatchHomePage(page=PatchHomePage&id=()),(page=PatchSearchResultsHome&id=(from=bookmark&viewItem=0&flag=search&search=%3CSearch%3E%0A%20%20%3CFilter%20name=%22product%22%20op=%22IS%22%20value=%2217548%22%20type=%22product%22/%3E%0A%20%20%3CFilter%20name=%22release%22%20op=%22IS%22%20value=%22500012311200,400009910000%22%20type=%22release%22/%3E%0A%20%20%3CFilter%20name=%22platform%22%20op=%22IS%22%20value=%22226%22%20type=%22platform%22/%3E%0A%3C/Search%3E))
  To find it:
  Within My Oracle Support click the "Patches and Update" tab, then click "Product or Family (Advanced Search)".
  Product is: "Sun Crypto Accelerator 6000 Board"
  - and - Release is: Sun Crypto Accelerator 6000 Board 1.12
  - and - Platform is: Linux x86-64
  HTH! it was what i could find :p Othervise you could try and contact oracle :p
  .7/M.

• Ssl and Sun Crypto card 1000 Solaris 9

  Hi
  First time i have used a crypto card and and 1st time in using ssl.
  The crypto card came with an install script to compile ssl, apache and crypto libraries. Documentation says that should come pre-installed with Apache 1.3.26 and have only supplied the ssl.lib.so.1-3-26 files for Apache 1.3.26. The actual version supplied was Apache 1.3.33 and the script exits with wrong apache version.
  Have tried renaming the lib.so files to 1.3.33 but script still fails.
  Don't want to roll back to earlier version of apache but don't know how/where to get updated lib.so files from.
  Sorry if this is a stupid question but any help would be much appreciated

  This might be one of the exceedingly rare instances where I suggest that someone cross-post to another forum.
  On the off-chance that others that use the software may have already worked on this, you might consider asking your question on one of the Java Enterprise System forums. (iPlanet has been branded as JES since 2003).
  [http://forums.sun.com/index.jspa?tab=es]
  In particular, there is an archived JES/Security forum where previous discussions may have already covered this.
  I haven't a clue as to what your software might need for a "best" configuration.

• Sun Crypto accelerator 6000 + Sun One Web Server 6.1

  hi,
  I want 3des to be the firts of ciphers for clients to utilize my Crypto Accelerator. Also, I want RC4 to be the second one.
  But all browsers uses RC4 by default!
  This string doesn't work in server.xml, what did i miss?
  <SSLPARAMS servercertnickname="Sun Metaslot:Server-Cert" ssl2="off" ssl2ciphers="-desede3,-rc4,-rc4export,-rc2,-rc2export,-des" ssl3="on" tls="on" ssl3tlsciphers="+rsa_3des_sha,+rsa_rc4_128_sha" tlsrollback="on" clientauth="off"/>
  Resume: Why I need crypto accelerator if all traffic is RC4 ? :)
  Message was edited by:
  mpech

  You cannot get that behavior.
  When an SSL client and server negotiate the connection, the client sends a list of all the cipher suites it supports. From that list the server will pick the most secure cipher suite which it also supports (if the server doesn't support any of the cipher suites proposed by the client, the connection establishment will fail).
  RC4 (128bit) is more secure than 3DES (112 bit). Thus, a server will never pick 3DES above RC4_128 if both are valid options (i.e. when both client and server support both). If you really wanted to force use of 3DES you need to disable RC4_128 in the server (or all the clients; or both).

• Solaris 10 x86 goes to reboot mode after installing Sun x4 PCIe Quad card

  I have an x4200 server installed with solaris 10 x86 11/06 OS. After installing the OS it comes up fine.
  Now, When I install an SUN x4 PCIe Quad Gigabit Ethernet card on PCI slot 0 and on the power up server does not comes up. It gpes into the reboot mode.
  bash-3.00# uname -a
  SunOS server1-1 5.10 Generic_118855-33 i86pc i386 i86pc
  Does any one has face this issue..

  Solution found:
  First tried to login using "console login" when solaris booted up, before the desktop login window appeared. Then, run command "kdmconfig", changed the video device to X86 VESA compatible device, which is from the x86 driver and porting kit for solaris, then test/save and exit. After that, reboot the system. Now it is working, not perfect though (due to my old monitor) :)-

• Pavillion 6000 memory card reader

   have a HP Pavillion 6000 desktop.  Two questions where can I get a manual and How do I tell if I have a memory card reader? Where is it and how do I use it?

  redwind,
  It is impossible to answer a generic question. You need to state the exact model # or product code.
  I am a volunteer. I am not an HP employee.
  To say THANK YOU, press the "thumbs up symbol" to render a KUDO. Please click Accept as Solution, if your problem is solved. You can render both Solution and KUDO.
  The Law of Effect states that positive reinforcement increases the probability of a behavior being repeated. (B.F.Skinner). You toss me KUDO and/or Solution, and I perform better.
  (2) HP DV7t i7 3160QM 2.3Ghz 8GB
  HP m9200t E8400,Win7 Pro 32 bit. 4GB RAM, ASUS 550Ti 2GB, Rosewill 630W. 1T HD SATA 3Gb/s
  Custom Asus P8P67, I7-2600k, 16GB RAM, WIN7 Pro 64bit, EVGA GTX660 2GB, 750W OCZ, 1T HD SATA 6Gb/s
  Custom Asus P8Z77, I7-3770k, 16GB RAM, WIN7 Pro 64bit, EVGA GTX670 2GB, 750W OCZ, 1T HD SATA 6Gb/s
  Both Customs use Rosewill Blackhawk case.
  Printer -- HP OfficeJet Pro 8600 Plus

• How to setup Glashfish 2.1 with sun crypto hardware inside T2 processor

  Dear Expert,
  I had setup comm 7 at guest os (ldom guest) on sun fire t5240 , All running well (mail,calender,im) , I also read
  http://wikis.sun.com/display/BluePrints/Taking%20Advantage%20of%20Wire-Speed%20Cryptography
  Does any body have guide step by step How to integrated glasshfish with sun    Cryptography hardware ?
  thanks
  Hadi

  singautara,
  SLIM is trying to tell you that SUSE 9.x will just not work.
  Period.
  SUSE 9.x is for Intel and AMD chips and the computers that use them. Your Ultra-60 does not have x86 compatible components in it.
  It does not have a BIOS. It has an OpenBootProm .
  The last distribution ever ported by SUSE to Sun's SPARC cpu architecture was something like version 7.3. That is from 5 years ago !
  What's wrong with the Operating Environment that was developed by the same company that manufactured your computer?
  Use the SunOS on the Sun system !
  http://sunsolve.sun.com/handbook_pub/Software/
  Tell you what ...
  Find the "Related Documentation" link at this page in the Sun System Handbook and research what sort of system you have.
  http://sunsolve.sun.com/handbook_pub/Systems/U60/U60.html

• AES-256, BouncyCastle, Sun Crypto Providers, Default Padding

  Hi,
  The subject alsmost says it all, but in a nutshell, I would like to use BC for AES-256. I also wanted to compare the ciphered outputs from both BC and SUN to make sure everything was working ok (I have installed the Unlimited Strength Jurisdiction Policy Files 6 for the Sun JRE 6).
  I have noticed the following, when the data input is a multiple of 16, the ciphered data generated by both engines are the same (Sun = AES, BC = PaddedBufferedBlockCipher(AES Engine) + PKCS7Padding).
  However, when the data input is not of a multiple of 16 - the ciphered output is different.
  Hence my question: What is the default padding and mode used by the Sun JCE when doing a getInstance("AES") ?
  How to make sure that the ciphered data is the same for both engines, regardless of the data input length pls?
  Thx

  Hi,
  So what is the problem with using the BC provider?
  The problem with using the BC provider is that if you have a web started application, the lambda user should not worry about installing an extra set of files for the JRE. And that lambda user might not know at all how to install the policy file as well. (Note that this policy is only required on Windows - works fine on Mac). All of this for AES-256 should be transparent.
  Code for Sun JCE
  public String encryptToBase64(String data) throws Exception {
            Cipher cipher = Cipher.getInstance(aesCipher); // "AES"
           cipher.init(Cipher.ENCRYPT_MODE, secretKey);
           final byte[] newData = EncryptionUtils.getBytes(data);
           final byte[] edata = cipher.doFinal(newData);
           return Base64.encodeBase64String(edata);
  Code for BC Provider works fine (with policy) - same output
  Only difference comes from:
  Security.addProvider(new BouncyCastleProvider());and
  Cipher cipher = Cipher.getInstance(aesCipher, "BC");What I am just trying to do is to use the BC API directly - no provider - so that my AES-256 ciphered output is the same that the Sun and BC provider with policy installed.
  I managed to do it - but by padding manually the data myself so that it is a multiple of 16 in length (I would llike to avoid this):
  public String encryptToBase64(String data) throws Exception {
            final byte[] newData = EncryptionUtils.getBytes(data);
            return Base64.encodeBase64String(encode(newData));
  }     private byte[] encode(byte[] inputBytes) throws Exception {
           final BufferedBlockCipher cipher = getCipher(true);
           final byte[] outputBytes = new byte[cipher.getOutputSize(inputBytes.length)];
           int outputLen = cipher.processBytes(inputBytes, 0, inputBytes.length, outputBytes, 0);
           outputLen += cipher.doFinal(outputBytes, outputLen);
           final byte[] finalBytes = new byte[outputLen];
           System.arraycopy(outputBytes, 0, finalBytes, 0, outputLen);
           return finalBytes;
  private BufferedBlockCipher getCipher(final boolean forEncryption) {
            final BlockCipher aesEngine = new AESEngine();
            final BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(aesEngine, new PKCS7Padding());
           cipher.init(forEncryption, new KeyParameter(rawKey));
           return cipher;
  }with
  public class EncryptionUtils {
       public static final int DEFAULT_BLOCK_SIZE = 16;
       public static final String pad = "                ";
       public static byte[] getBytes(final String str) {
            if (str.length() == DEFAULT_BLOCK_SIZE) {
                 return str.getBytes();
            final int padding = 16 - str.length() % 16;
            final int newSize = str.length() + padding;
            return (str + pad).substring(0, newSize).getBytes();
  }Apologies if I was not clear.
  On top of that - if your code is deciphered on Android for ex, using BC makes sense as I think it is the provider for Android.
  thx

• Same certificates for two servers using Sun Java WS 6.1sp5 with Crypto card

  Hi,
  I have 2 Sun java webserver 6.1 sp5 installed on two machines as :
  Single webserver1 instance on hostmachine1
  Single webserver1 instance on hostmachine2.
  (both instance names are same)
  I have created server certificate and installed it using External cryptographic module: Sun Crypto Accelerator 500 on hostmachine1.
  It is perfectly working fine.
  Now,for hostmachine2, I created trust database with same password as for hostmachine1, I copied the two files
  https-webserver1-hostmachine1-key3.db and
  https-webserver1-hostmachine1-cert8.db from hostmachines1 and then put on the hostmachines2 (in an serverroot/alias folder ) and then renamed them as
  https-webserver1-hostmachine2-key3.db and
  https-webserver1-hostmachine2-cert8.db
  Then I went to preferences->Edit socket listen, but security was disabled.
  I restarted the webserver, but security was still disabled.
  What is the problem??
  Please inform me as well as at my email address [email protected]
  Please do reply me as I am waiting anxiously.
  Thanks.
  Taqi

  Hello,
  The problem you are reporting is not expected.
  Hope you are not trying on admin server.
  I am not sure why you removed all files from alias directory.
  Please do the following in a fresh installation:-
  1) install ws6.1sp5.
  2) copy cert and key db from the working systems to the alias
  directory of the instance.
  3) move the db files to the new name (make this name right).
  4) through admin server GUI select instance (Manage server).
  5) go to edit listen socket.
  6) turn on security and select OK.
  7) then press Apply button.
  8) then press Apply changes.
  9) it will restart your instance server and will ask you for the password.
  10) supply the security password of the first server.
  11) it will restart your instance server in https mode.
  This works fine.

• ATI 6000 series graphic card-

  I imagine many of us MacPro owners know that Apple offers last years’ cards at next year’s prices. As such, I was wondering if anyone has been successful with installing the PC variants into their 2009 MacPro.
  On the Q&A sales page, I remember a guy stated you could simply flash the PC version card and it would work in the MacPro but frankly, that sounds too easy. I would love to install an ATI 6000 series card into my MacPro in order to better support my NEC PA271 display. In fact, I'm planning on hooking another NEC just like it.
  BTW: I’m not a gamer, although I do prefer to at least 1+ the stock GT-120 to drive my monitor(s). Any advice is appreciated.
  Thanks,

  Hi-
  The latest update holds the necessary support for the following Radeon cards:
  AMD Radeon HD 6850 Device ID 0x6739
  AMD Radeon HD 6870 Device ID 0x6738
  AMD Radeon HD 6970 Device ID 0x6718
  Further, the Radeon 5xxx cards show broader support:
  ATI Radeon HD 5630 Device ID 0x68D8
  ATI Radeon HD 5630 Device ID 0x68D9
  ATI Radeon HD 5670 Device ID 0x68D8
  ATI Radeon HD 5730 Device ID 0x68D8
  ATI Radeon HD 5770 Device ID 0x68B8
  ATI Radeon HD 5850 Device ID 0x6899
  ATI Radeon HD 5870 Device ID 0x6898
  I've seen reports of various X86 users having plug and play success (no flash) with cards from the above lists.
  As for which cards, exactly, you'll have to do some searching.
  Also, there are no reports of MP users making the jump to 6xxx cards, yet......

• Configure 2 network Card in Sun ULTRA 1

  Hi,
  Can I put 2 network card in a Sun Ultra 1
  One Card it's for connected in my Network Sun in 192.9.XXX.XXX
  and the second it's for my Network PC in 192.168.XXX.XXX
  I want see this machine in the 2 network
  Best regards.

    This is caused by the default security policy which blocks file sharing with unidentified networks by making them public. (How it determines unidentified networks is another interesting question). To allow file sharing, you have to change the local
  security policy to allow unidentified networks to be private. 
  Local Security Policy | Network List Manager Policies |Unidentified Networks 
  Bill

• Verisign Payflow PRo and Sun JCE

  We have been trying to integrate verisign's payflow pro java APIs for credit card processing. THe integration works fine when run directly from a unit test, but fails when it is run inside the weblogic server.
  As an FYI -
  The sunJCE provider is specifically unloaded by WebLogic Server if it is found to be registered statically. If you require the sunJCE provider, load it dynamically.
  Add --
  java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE() );
  to your class to fix the problem

  OK, I restarted my client with the original verisign.ini file dropped back in and Voila, it works.
  I really wanted to change my password to a more secure/stronger password so I'm still back to square one.
  Any suggestions where the password needs to be changed besides the verisign.ini file Gordon?
  In addition, I don't know why the verisign.ini file adds a 'JP' to the end of the password which appears scrambled by the way.

• Booting x4540 with a Compact Flash card

  Hi Y'all,
  I'm having this weird problem with a brand new SunFire x4540. They have the Compact Flash slot in the back, such that you can install the OS on the card and boot off it, thus allowing you to use all 48 SATA drives in the machine.
  In the docs, it says "use only a 8GB or 16GB Compact Flash (CF) Card":
  http://docs.sun.com/source/820-4855-12/chap3-pre.html#0_pgfId-1008964
  So I'm trying to use a 16GB CF card, a SanDisk Extreme 16GB UDMA CF. But, when I go into the BIOS, I see this (under IDE configuration):
  Device: Primary IDE Master
  Vendor: SanDisk SDCFX-016G
  Size: 0MB <--- This can't be right
  LBA Mode: Supported
  Block Mode: Not Supported
  PIO Mode: 4
  Async DMA: MulitiWord DMA-2
  Ultra DMA: Ultra DMA-5
  S.M.A.R.T.: Not Supported
  Now, I can install OpenSolaris on it, it sees it fine during install and no errors are reported during install, but I cannot boot from it, it dumps me to the grub prompt. It makes me suspicious that the BIOS thought it was 0MB big. At grub, I can do this:
  grub> geometry (hd0)
  drive 0x80: C/H/S = 1024/255/63, The number of sectors = 64528, LBA
  Partition num: 0, [BSD/SOLARIS sub-partitions immediately follow]
  BSD/SOLARIS Partition num: 'a', zio_read_data failed
  Error 18: Selected cylinder exceeds maximum supported by BIOS
  BSD/SOLARIS Partition num: 'c',
  Error 18: Selected cylinder exceeds maximum supported by BIOS
  BSD/SOLARIS Partition num: 'i',
  Error 18: Selected cylinder exceeds maximum supported by BIOS
  That makes me think that the disk is too big for the BIOS, even though the docs say a 16GB CF should work. Now, we have another x4540 that DOES boot off a 4GB CF. We tried it in the new 4540 and it does work there as well. So: Are the docs wrong, and you must have only a 4GB CF? The BIOS sees the 4GB CF just fine:
  Device: Primary IDE Master
  Vendor: Kingston 4G
  Size: 3.8GB <--- It sees the size
  LBA Mode: Supported
  Block Mode: Not Supported
  PIO Mode: 4
  Async DMA: MulitiWord DMA-2
  Ultra DMA: Not Supported
  S.M.A.R.T.: Not Supported
  Or, are only certain CF cards supported? I could not find a list anywhere... I tried contacting Sun Hardware support but no one seems to have any info over there yet. Does anyone here perhaps have any data? Like, which CF cards are supported? From what I gather, Oracle does not sell CF cards anymore and we were asked to buy a 3rd party one, without knowing there would be problems.
  Thanks for any insight!
  PS- I already upgraded the BIOS to the latest version to try to fix this, but it didn't help...

  Hello,
  We boot 6250 blades in a SUN Blade 6000 chassis with 4GB Kingston compact flash cards, and have no issue. It sounds like the docs are incorrect that the 16GB card is supported, as the BIOS needs to be able to recognize it and does not. Since Solaris or Linux will fit just fine in 4GB, I'd suggest going that route, unless you need it for more than just the OS (like using it for swap as well).