Re: OpenSSH HPN

From: Brooks Davis <brooks_at_freebsd.org>
Date: Mon, 30 Nov 2015 19:23:48 +0000

On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote:
> Hi,
> 
> Please forgive my ignorance but what's the reason FreeBSD ships
> OpenSSH patched with HPN by default? Besides my passion for
> security, I've been working in the HPC sector for a while and
> benchmarked the patch for a customer about 1.5 years ago. The
> CTR-multi threading patch is actually *slower* than upstream OpenSSH
> with AES in CTR mode. GCM being, of course, the fastest mode on
> AESNI platforms.

We never imported the AES bits as they were broken and AESNI was
available.

> The NULL mode is a security concern as some have noted, I can only
> imagine that the window-scaling patch is of such importance?

Both NULL and window-scaling were merged because both are useful in some
environments.

-- Brooks

Received on Mon Nov 30 2015 - 18:32:25 UTC
