Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenSSL/OpenVPN Performance - CBC and GCM ciphers

    OpenVPN
    2
    2
    274
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Xentrk
      Xentrk last edited by

      We have had some fun comparing CPU OpenSSL performance in the snbforums.com site recently in the Router thread. I summarized the discussion in a blog post here https://x3mtek.com/openvpn-performance/.

      Likewise, @kvic also posted similar findings in his blog site at https://kazoo.ga/quick-benchmark-cbc-vs-gcm/.

      From the tests, GCM ciphers replace CBC as the go to cipher for OpenVPN speed and performance. Hopefully, your provider has already updated to OpenVPN 2.4 so you can take advantage of the improvements.

      pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
      Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

      1 Reply Last reply Reply Quote 0
      • B
        bcruze last edited by

        can you list providers that have moved to this cipher?

        i am still using CBC with no issues

        also this: https://www.netgate.com/blog/more-on-aes-ni.html

        "AES-GCM in particular has problems with side-channel attacks on pure software implementations. ChaCha20, which nicely avoids these issues when in software, isn’t an option. This is because: a) it’s not RFC-compliant, and b) there are currently no acceleration offloads for it, and the situation is that there could be thousands, or tens of thousands of pfSense instances hitting a single (clustered) instance of our cloud management platform."

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy