OpenSSL error: cannot load engine 'aesni'

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Locked
shakisha
OpenVpn Newbie
Posts: 19
Joined: Thu Mar 03, 2016 1:56 am

OpenSSL error: cannot load engine 'aesni'

Post by shakisha » Sat Mar 26, 2016 6:33 pm

I have got this error when setting in the server.conf the line

engine aesni

however the openssl command
--
openssl speed -evp aes-256-cbc
---

runs fine and

---
grep aes /proc/cpuinfo
---

returns aes support. What can i do for fixing this error? Compiling from sources didn't helped me.

User avatar
Pippin
Forum Team
Posts: 1091
Joined: Wed Jul 01, 2015 8:03 am
Location: /dev/null

Re: OpenSSL error: cannot load engine 'aesni'

Post by Pippin » Sat Mar 26, 2016 7:23 pm

shakisha wrote:I have got this error when setting in the server.conf the line
engine aesni
grep aes /proc/cpuinfo
returns aes support. What can i do for fixing this error?
Seems you cannot use it, ask Digital Ocean.
however the openssl command
openssl speed -evp aes-256-cbc
runs fine
Is wrong command

Try this:

Code: Select all

openssl speed -evp aes-256-cbc -engine easni

shakisha
OpenVpn Newbie
Posts: 19
Joined: Thu Mar 03, 2016 1:56 am

Re: OpenSSL error: cannot load engine 'aesni'

Post by shakisha » Sun Mar 27, 2016 12:17 am

grep aes /proc/cpuinfo
returns aes support. What can i do for fixing this error?
Seems you cannot use it, ask Digital Ocean.

I've asked it, and they told me that yes, they support it.
Try this:

Code: Select all

openssl speed -evp aes-256-cbc -engine easni
it returns:
openssl speed -evp aes-256-cbc -engine easni
invalid engine "easni"

User avatar
Pippin
Forum Team
Posts: 1091
Joined: Wed Jul 01, 2015 8:03 am
Location: /dev/null

Re: OpenSSL error: cannot load engine 'aesni'

Post by Pippin » Sun Mar 27, 2016 10:50 am

Hehe sorry, made a typo...
Try this:

Code: Select all

openssl speed -evp aes-256-cbc -engine aesni

ruxandy
OpenVpn Newbie
Posts: 1
Joined: Thu May 19, 2016 6:11 am

Re: OpenSSL error: cannot load engine 'aesni'

Post by ruxandy » Thu May 19, 2016 6:17 am

All the answers are wrong.
The OP is most lilely on OpenSSL 1.0.1 which does not have an AES-NI engine.
In OpenSSL 1.0.1, AES-NI support is integrated at EVP layer. More info here:
http://stackoverflow.com/questions/2893 ... i-in-nginx

Bottom line, you don't need to enable AES-NI in your OpenVPN config file. It will be used by default.

Locked