OpenSSH HPN

Brooks Davis brooks at freebsd.org
Mon Nov 30 19:32:25 UTC 2015


On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote:
> Hi,
> 
> Please forgive my ignorance but what's the reason FreeBSD ships
> OpenSSH patched with HPN by default? Besides my passion for
> security, I've been working in the HPC sector for a while and
> benchmarked the patch for a customer about 1.5 years ago. The
> CTR-multi threading patch is actually *slower* than upstream OpenSSH
> with AES in CTR mode. GCM being, of course, the fastest mode on
> AESNI platforms.

We never imported the AES bits as they were broken and AESNI was
available.

> The NULL mode is a security concern as some have noted, I can only
> imagine that the window-scaling patch is of such importance?

Both NULL and window-scaling were merged because both are useful in some
environments.

-- Brooks