Date: Wed, 7 Nov 2001 18:57:31 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Nick Slager <ns@BlueSkyFrog.COM> Cc: Darren Reed <avalon@cairo.anu.edu.au>, <freebsd-security@FreeBSD.ORG> Subject: Re: KAME IPsec on low-end hardware Message-ID: <20011107185550.K39446-100000@achilles.silby.com> In-Reply-To: <20011108105421.A3785@BlueSkyFrog.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 8 Nov 2001, Nick Slager wrote: > > Hmmm, odd. I've just changed the encryption/hash to DES/MD5. > > No change in response times. > > Hmmm, seems that I failed to do this correctly last night :-\ > > Changing the encryption/hash to DES/MD5 *does* indeed make a difference > to response times; I'm consistently seeing rtt times of 13-14ms now. > > Compare this to the "default" triple-DES/SHA-1 scheme, which > consistently comes in at 33-34ms. Well, if you have a lot of free time, you could try wedging the openssl assembly cores into the kernel; they perform about 2x faster than their C equivalents, at least on p5 and better processors. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011107185550.K39446-100000>