Optional 'test' or benchmark cipher

Iain Morgan imorgan at nas.nasa.gov
Fri Jan 18 04:17:12 EST 2008

On Wed, Jan 16, 2008 at 17:47:02 -0800, Linda Walsh wrote:
> > What are you typically seeing for your transfer rates? What cipher/MAC
> > combination are you using and what version of OpenSSL? Also, what
> > version of OpenSSH?
> ----
> 	Most are under 12MB/s (which, I know, sounds like very good
> 100Mbs performance -- cept that I'm expecting Gigabit  performance.
> 	Interfaces are running at 1G verified w/"ethtool" and "lights on
> the switches involved".
> 	I looped through all of the ciphers transferring a 256MB
> uncompressible (bzip2'ed) file (No compression enabled on any machine, BTW).  The fastest cipher was the first tried (default) aes128-cbc.  Most were
> significantly slower (~3-10X).  But the fastest was 16.7MB/s, with
> the rest under 11.9 (and one ~1.1MB (unexplained slowness between 2 fastest
> machines).  The win machine has 3-switches between it and the other 3 --
> they are all off the same switch.

That certainly seems a bit odd to me. Typically arcfour will give you
the best performance. And if you are using OpenSSH 4.7 on both ends, I
would suggest using umac-64 for the MAC.

A quick test yesterday with a 790MB file showed a transfer rate of
28MB/s between two hosts. One was running 4.7p1 built against a recent
version of OpenSSL. The other system was a stock RHEL 4 system, which
reduced the performance somewhat.

On another architecture, I've seen transfer rates around 60 MB/s.

You might want to run 'openssl speed' and see what numbers you are
getting. It may be that your build of OpenSSL is not optimal for some

Iain Morgan

More information about the openssh-unix-dev mailing list