Bug 5616 - evaluate default OpenSSH cipher selection
Summary: evaluate default OpenSSH cipher selection
Status: CLOSED WORKSFORME
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.14.0
Assignee: Pierre Ossman
URL:
Keywords:
Depends on: 3002
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-25 15:02 CEST by Pierre Ossman
Modified: 2021-09-21 12:51 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2015-08-25 15:02:40 CEST
OpenSSH now prefers the ChaCha20 cipher over AES. In theory that's a good thing as it requires less CPU cycles. The problem is that many modern systems have AES offloading, meaning that AES is still the fastest choice. Even when it is about the same speed, using dedicated hardware means that we free up the CPU for other things.

We need to have a look at this and do some testing. We probably need to have some detection logic in OpenSSH or tlclient to dynamically pick the best option based on what hardware is present.
Comment 1 Pierre Ossman cendio 2021-09-21 12:51:19 CEST
If it's good enough for everyone else using OpenSSH then it is good enough for us. We'll trust that upstream is doing what is best here. If we see performance problems with OpenSSH then we can revisit this.

Note You need to log in before you can comment on or make changes to this bug.