Hi all The ubsec and chil engines are currently disabled in 1.1.0 and do not build. As far as ubsec is concerned I understand that this is an engine for broadcom cards. There has been very little activity with this engine since it was first introduced. Google brings up some very old historic references to its use. There are a couple of more recent references. This post from 2014 suggests that OpenSSL's support for this is broken anyway and has been for some while: https://forum.pfsense.org/index.php?topic=71857.0 There is also this post from 2013 from someone trying to get it to work but with no (apparent) success: https://stackoverflow.com/questions/17715546/openssl-speed-test-for-broadcom-engine So for ubsec I can't find any evidence that it is being used successfully. For chil I found this dicussion from 2012 on openssl-users where apparently someone was using it (successfully): http://openssl.6102.n7.nabble.com/Tutorials-on-OpenSSL-integration-with-nCipher-HSM-nShield-td2311.html This RT ticket from 2008 is suggesting various fixes - the last of which was applied. There was a brief flurry of commits tweaking stuff in chil around this time: https://rt.openssl.org/Ticket/Display.html?id=1736 So it seems that for chil there may possibly be some rare use (but even the most recent evidence is 4 years old). However the OpenSSL dev team do not have access to this hardware to maintain the engine and (as noted above) this is currently not building in 1.1.0. In both cases I would like to remove these engines from 1.1.0. I'd like to hear from the community if there is any active use of these. One option if there is found to be some small scale use is to spin out the engine into a separately managed repo (as has happened recently with the GOST engine). If I don't hear from anyone I will remove these. Matt
