Package: strongswan Version: 5.5.1-2 Severity: wishlist Please enable AESNI support via the --enable-aesni flag.
AES must be accelerated to run strongSwan at acceptable speeds on very low resourced cloud providers. strongSwan includes support for specialized CPU instructions available on most x86 and amd64 processors to accelerate AES. This feature is only used if the supported CPU instructions are present. Enabling this feature will help a larger population of users to take advantage of strong crypto to protect their communications. This feature must be enabled via the --enable-aesni configuration option [1]: --enable-aesni enable Intel AES-NI crypto plugin [ no ]. Since 5.3.1. This is the official description of the feature [2]: The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86 and x64 architectures. It provides superior crypto performance in userland without any external libraries. [1] https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf [2] https://wiki.strongswan.org/versions/56 Thanks!
