On 1/12/2015 3:23 AM, Brooks Davis wrote:
> On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote:
>> Hi,
>> Please forgive my ignorance but what's the reason FreeBSD ships
>> OpenSSH patched with HPN by default? Besides my passion for
>> security, I've been working in the HPC sector for a while and
>> benchmarked the patch for a customer about 1.5 years ago. The
>> CTR-multi threading patch is actually *slower* than upstream OpenSSH
>> with AES in CTR mode. GCM being, of course, the fastest mode on
>> AESNI platforms.
>
> We never imported the AES bits as they were broken and AESNI was
> available.
>
>> The NULL mode is a security concern as some have noted, I can only
>> imagine that the window-scaling patch is of such importance?
>
> Both NULL and window-scaling were merged because both are useful in some
> environments.

yeah but Null was just unmerged.
window scaling is also on the block I think

> -- Brooks