OpenSSH performance with VIA padlock

Damien Miller djm at
Thu Nov 20 21:11:29 EST 2008

On Wed, 19 Nov 2008, Jan Klod wrote:
> > Did you enable OpenSSL engine support when you built OpenSSH?
> > (./configure  --with-ssl-engine).
> enabled
> > Try this with 5.1p1, apparently some earlier versions didn't work
> > properly (I have no such hardware to test).
> same ver.
> > Also as someone else mentioned, try a faster MAC such as umac64.
> Why should I, if I have padlock, which supports sha1/sha265?!

It doesn't; Padlock's SHA implementation has a design flaw that make it
difficult to use with most hashing APIs (OpenSSL included) without the
most gross of hacks.

> openssl with -engine padlock: only aes gives much better results, the rest 
> remains as before.
> Apparently ssl is the problem! Where should I ask?

You can't use Google?


More information about the openssh-unix-dev mailing list