[Bug 3194] New: Please consider lowering chacha20-poly1305 at openssh.com cipher priority on AES-NI capable CPU

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Jul 19 03:33:48 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3194

            Bug ID: 3194
           Summary: Please consider lowering chacha20-poly1305 at openssh.com
                    cipher priority on AES-NI capable CPU
           Product: Portable OpenSSH
           Version: 8.3p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: fabio.pedretti at unibs.it

Even in 8.3p1 (using libcrypto) chacha20-poly1305 at openssh.com is a lot
slower than aes ciphers on AES-NI capable hardware.

aes128-gcm at openssh.com is 23% faster on Xeon Westmere (the first Intel
CPU with AES-NI) and 47% faster on Kaby Lake.

On Kaby Lake:

aes128-gcm at openssh.com        : 540MB/s
aes256-gcm at openssh.com        : 535MB/s

aes128-ctr                    : 445MB/s
aes192-ctr                    : 446MB/s
aes256-ctr                    : 436MB/s

chacha20-poly1305 at openssh.com : 364MB/s

Please consider making aes128-gcm at openssh.com the default.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list