# kernel crypto API and ssl

## D-LINC

I was curious about something: the kernel crypto API. From what I was able to gather from Googling, I understand that certain subsystems of the kernel (like wireless) utilize the kernel crypto API, and they are also necessary when you want to do things like boot from an encrypted root. But do openssl/gnutls libraries also use this API, or do they just have their own user space implementations of all the ciphers?

I run a Web server and I like to pick my SSL cipher, key lengths, etc. to get the best security for the least amount of cpu cycles. So I was curious if building the kernel with a certain cipher gives some kind of performance boost to openssl/gnutls when using that cipher.

----------

## roarinelk

until recently (3.2-ish IIRC) there was no way for userspace to interface with the kernel's

crypto system, so userspace always had its own implementations.

given a recent intel/amd cpu, at least using the kernel crypto system for aes should

give a small performance boost over pure software implementations.

----------

