Bug 3194 - Please consider lowering chacha20-poly1305@openssh.com cipher priority on AES-NI capable CPU
Summary: Please consider lowering chacha20-poly1305@openssh.com cipher priority on AES...
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous (show other bugs)
Version: 8.3p1
Hardware: amd64 Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-19 03:33 AEST by Fabio
Modified: 2021-04-23 15:04 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fabio 2020-07-19 03:33:48 AEST 
Even in 8.3p1 (using libcrypto) chacha20-poly1305@openssh.com is a lot slower than aes ciphers on AES-NI capable hardware.

aes128-gcm@openssh.com is 23% faster on Xeon Westmere (the first Intel CPU with AES-NI) and 47% faster on Kaby Lake.

On Kaby Lake:

aes128-gcm@openssh.com        : 540MB/s
aes256-gcm@openssh.com        : 535MB/s

aes128-ctr                    : 445MB/s
aes192-ctr                    : 446MB/s
aes256-ctr                    : 436MB/s

chacha20-poly1305@openssh.com : 364MB/s

Please consider making aes128-gcm@openssh.com the default.
Comment 1 Damien Miller 2020-07-20 14:10:41 AEST 
We don't plan on reordering ciphers based on local platform capabilities. We do offer the =^ trick to make it easy for users to do so. E.g.

Ciphers ^aes256-gcm@openssh.com,aes128-gcm@openssh.com 

Will move those two ciphers to the head of the list.
Comment 2 Damien Miller 2021-04-23 15:04:36 AEST 
closing resolved bugs as of 8.6p1 release