5616 – evaluate default OpenSSH cipher selection

Bug 5616 - evaluate default OpenSSH cipher selection

Summary: evaluate default OpenSSH cipher selection

Status:	CLOSED WORKSFORME

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Client (show other bugs)
Version:	pre-1.0
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	4.14.0
Assignee:	Pierre Ossman

URL:
Keywords:

Depends on:	3002
Blocks:
	Show dependency tree / graph

Reported:	2015-08-25 15:02 CEST by Pierre Ossman
Modified:	2021-09-21 12:51 CEST (History)
CC List:	1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2015-08-25 15:02:40 CEST

OpenSSH now prefers the ChaCha20 cipher over AES. In theory that's a good thing as it requires less CPU cycles. The problem is that many modern systems have AES offloading, meaning that AES is still the fastest choice. Even when it is about the same speed, using dedicated hardware means that we free up the CPU for other things.

We need to have a look at this and do some testing. We probably need to have some detection logic in OpenSSH or tlclient to dynamically pick the best option based on what hardware is present.

Comment 1 Pierre Ossman cendio

2021-09-21 12:51:19 CEST

If it's good enough for everyone else using OpenSSH then it is good enough for us. We'll trust that upstream is doing what is best here. If we see performance problems with OpenSSH then we can revisit this.

Note You need to log in before you can comment on or make changes to this bug.