On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote:
> Hi,
> 
> Please forgive my ignorance but what's the reason FreeBSD ships
> OpenSSH patched with HPN by default? Besides my passion for
> security, I've been working in the HPC sector for a while and
> benchmarked the patch for a customer about 1.5 years ago. The
> CTR-multi threading patch is actually *slower* than upstream OpenSSH
> with AES in CTR mode. GCM being, of course, the fastest mode on
> AESNI platforms.

We never imported the AES bits as they were broken and AESNI was
available.

> The NULL mode is a security concern as some have noted, I can only
> imagine that the window-scaling patch is of such importance?

Both NULL and window-scaling were merged because both are useful in some
environments.

-- Brooks
