BIND 9.10.0b1 is now available
mje at posix.co.za
Mon Mar 17 16:56:25 UTC 2014
On Wed, 2014-02-26 at 00:55 +0000, Michael McNally wrote:
> A new compile-time option, "configure --enable-native-pkcs11",
> allows the BIND 9 cryptography functions to use the PKCS#11 API
> natively, so that BIND can drive a cryptographic hardware service
> module (HSM) directly instead of using a modified OpenSSL as an
> intermediary. This has been tested with the Thales nShield HSM
> and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031]
Has anyone tried this yet? - either using SoftHSM or a Thales HSM?
I have access to a totally unconfigured Thales netShield Connect 500.
Without reading *all* the manuals - anyone have a HowTo setup to make
one of these beasties talk PKCS#11... a Goto page XX is acceptable..
. . ___. .__ Posix Systems - (South) Africa
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
More information about the bind-users