ssh / scp slow on 10GBE

Christian Weisgerber naddy at
Tue Jan 8 08:05:18 EST 2013

Damien Miller <djm at> wrote:

> > Well, you certainly won't get anything faster than your 700 MB of
> > openssl aes speed results. You cannot transmit data faster, than you
> > encrypt them. And even this upper bound is not reachable, because of
> > checksumming overhead.
> Right: if you are using AES and umac-64 as your MAC then you are actually
> invoking AES twice as umac-64 uses AES internally.

That's misleading.  UMAC uses AES only to encrypt its final hash
(somewhat like GMAC).  It does not run all the data through AES.

> Alternately, we are considering adding support for AES-GCM which is very
> fast on recent Intel CPUs and probably slightly faster than AES+umac-64
> everywhere.

I doubt it.  Check "openssl speed md5 sha1 sha256 ghash".  Figures
vary across architectures and machines, but GHASH performance for
large blocks seems broadly similar to SHA-1 and slower than MD5.

Christian "naddy" Weisgerber                          naddy at

More information about the openssh-unix-dev mailing list