On Wednesday, 11 November 2015, Bryan Drewery <bdrew...@freebsd.org> wrote:

> On 11/10/15 9:52 AM, John-Mark Gurney wrote:
> > My vote is to remove the HPN patches.  First, the NONE cipher made more
> > sense back when we didn't have AES-NI widely available, and you were
> > seriously limited by it's performance.  Now we have both aes-gcm and
> > chacha-poly which it's performance should be more than acceptable for
> > today's uses (i.e. cipher performance is 2GB/sec+).
> AES-NI doesn't help the absurdity of double-encrypting when using scp or
> rsync/ssh over an encrypted VPN, which is where NONE makes sense to use
> for me.

I have to agree that there are cases when the NONE cipher makes sense, and
it is up to the end user to make sure they know what they are doing.

Personally I have used it at home to backup my old FreeBSD server (which
does not have AESNI) over a dedicated network connection to a backup server
using rsync/ssh. Since it was not possible for anyone else to be on that
local network, and the server was so old it didn't have AESNI and would
soon be retired, using the NONE cipher sped up the transfer significantly.

If the patch is made easy enough to maintain (as some subsequent posts have
implied), I quote the NONE cipher stays. I would even like to see it
compiled in by default (but disabled in the default configuration file).
That way you wouldn't need a custom compiled base to use it - just edit the
config file.



From: Benjamin Woods
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to