I had found an older thread saying that the "XCBC" hashes were OK, since they were effectively "free" as long as you used one of the AES-GCM ciphers. Same thread (can't find it now, sorry) also indicated that the GCM mode ciphers were more, uh, completely??/rapidly?? accelerated than CBC. Can't vouch for the accuracy, this is just what I found when I had the same question last year. -Adam
On December 9, 2017 2:56:07 PM CST, Chris L <[email protected]> wrote: >AES-GCM with all hashes disabled in the ESP/Phase 2. > > >> On Dec 9, 2017, at 12:03 PM, Karl Fife <[email protected]> wrote: >> >> You might try... >> >> (Wait for it) >> >> ...AES. >> >> >> On 12/9/2017 4:02 AM, Eero Volotinen wrote: >>> Hi, >>> >>> What is the best ipsec ciphers for aes-ni ipsec acceleration? >>> >>> Eero >>> _______________________________________________ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >> >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold > >_______________________________________________ >pfSense mailing list >https://lists.pfsense.org/mailman/listinfo/list >Support the project with Gold! https://pfsense.org/gold -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
