AFAIK, arcfour is considered insecure. IMHO we need a secure chipher for migration. Other tasks like the VNC proxy can use insecure cipher.
> -----Original Message----- > From: Stefan Priebe - Profihost AG [mailto:s.pri...@profihost.ag] > Sent: Dienstag, 30. Oktober 2012 10:37 > To: Dietmar Maurer > Cc: pve-devel@pve.proxmox.com > Subject: Re: [pve-devel] central cipher config > > Am 30.10.2012 10:31, schrieb Dietmar Maurer: > >> But right now blowfish is hardcoded in proxmox - i don't think that > >> this is a good idea. > > > > That is the fastest cipher available (in squeeze). > > Not to me. > > Without AES-NI (default squeeze openssl): > arcfour is the fastest. > > With AES-NI / patches openssl: > aes128-cbc is the fastest. > > Simply tested through 10GBE: > > #!/bin/bash > > for cipher in aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128- > cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour ; do > echo "$cipher" > for try in 1 2 ; do > scp -c "$cipher" test.tar root@10.255.0.24:/tmp/ > ssh root@10.255.0.24 'rm /tmp/test.tar' > done > done > > > Stefan _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
