I recently started a small business and I can't afford new enterprise hardware just yet. However, I do make good use of older enterprise kit and currently have more than twenty BCM5823 crypto accelerators in use. I think that there may well be a lot of these cards still in use and it's going to be a nasty surprise for many when they update OpenSSL and find the performance has dropped. I was really upset to hear that support for ubsec has already been pulled and I wondered if anyone else was willing or able to help keep support for this device in OpenSSL for two more years, to April 2018? I realise why the OpenSSL project wanted to drop support for old accelerators and I am grateful that they kept them in for so long. I have one spare working BCM5823 and at least one BCM5821 to donate to a rescue effort if required. I also have one Dell PowerEdge 840 tower server with the necessary 64-bit PCI-X slots, 64-bit CPU for any developer volunteering from the UK for this rescue if needed. The PE840 is too heavy to ship outside the UK. I know SHA-1 is getting old but it is still a mandatory implementation for DNSSEC. Lots of organisations have legacy tape libraries encrypted in 3DES. These are just two applications where older enterprise servers might be found chugging away with a Broadcom accelerator inside. Rich Salz suggested posting here to see what the response would be. I suspect that like me, many people that use ubsec don't subscribe to the openssl mailing lists and won't notice for some time. The bad news for ubsec users: https://github.com/openssl/openssl/commit/766579ec893e8028288c7215090a6fa3bd424fa0 -Vince-
