On Wed, Oct 19, 2022 at 01:56:47PM +0200, Vitaly Zaitsev via devel wrote: > On 19/10/2022 10:31, Neal Gompa wrote: > > HTTPS does not help with that. It's just a transport protocol. > > It will. All requests will be encrypted. ISP will only see server's > IP-address and its hostname (only if SNI is enabled). > > > Not in any meaningful way, and in most cases HTTPS makes mirrors slower too. > > No. All modern servers support AES-NI, so encryption doesn't slow down > servers.
AES-NI does not provide infinite speed. Each CPU has a limit to how much data it can shuffle through AES-NI in a given timeframe. AES-NI may well be x10 faster than doing AES in software with generic instructions, but it still has a performance upper bound. In my previous testing of AES-NI for QEMU live migration, I was unable to saturate the max available NIC bandwidth available. It was massively better than not using AES-NI, but not encrypting at all was still faster by a significant degree. IOW, the impact of AES on server peformance will vary depending on CPU models, NIC models / network switches and whether other workloads are competing for CPU time. Admins need to decide what tradeoffs are important to them. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
