Hi,
I just notice:
/usr/share/perl5/PVE/Cluster.pm
sub setup_rootsshconfig {
if (my $fh = IO::File->new($rootsshconfig, O_CREAT|O_WRONLY|O_EXCL, 0640)) {
# this is the default ciphers list from debian openssl0.9.8 except blowfish is
added as prefered
print $fh "Ciphers
blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n";
close($fh);
}
}
Any reason to still use blowfish-cbc ? I think aes should be faster with
hardware acceleration.
also, maybe could we add chacha20-poly1305 to the ciphers list, it's fast too
when aes is not available in hardware.
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
