OpenSSH performance with VIA padlock

Damien Miller djm at mindrot.org
Thu Nov 20 21:11:29 EST 2008


On Wed, 19 Nov 2008, Jan Klod wrote:
> > Did you enable OpenSSL engine support when you built OpenSSH?
> > (./configure  --with-ssl-engine).
> enabled
> 
> > Try this with 5.1p1, apparently some earlier versions didn't work
> > properly (I have no such hardware to test).
> same ver.
> 
> > Also as someone else mentioned, try a faster MAC such as umac64.
> Why should I, if I have padlock, which supports sha1/sha265?!

It doesn't; Padlock's SHA implementation has a design flaw that makes it
difficult to use with most hashing APIs (OpenSSL included) without the
most gross of hacks.

> openssl with -engine padlock: only aes gives much better results, the rest 
> remains as before.
> 
> Apparently ssl is the problem! Where should I ask?

You can't use Google?

-d

