[Swan] What are strongest ciphers that can be used for ike and phase2alg?
Paul Wouters
paul at nohats.ca
Wed Jun 1 16:01:45 UTC 2016
On Tue, 31 May 2016, Michael Furman wrote:
[ skipped everything Andrew already answered ]
> 2) According to the following link not all AES-NI hardware accelerators support AES_GCM:
> https://libreswan.org/wiki/Benchmarking_and_Performance_testing#x86_64_NUMA_Xeon_with_Intel_QuickAssist_PCIe
>
> We run on RHEL6. Do you expect any issue with AES-NI hardware accelerators and AES_GCM?
If the acceleration isn't supported, the kernel will automatically fall
back to software. So you shouldn't ever run into issues. If your
hardware does not support the GHASH acceleration, then aes_ctr and
aes_gcm are not especially accelerated. You should do a meassurement
of aes_gcm versus aes on your hardware to determine which is faster for
you. (I think aes_gcm might still be partially accelerated without
ghash, but I'm not 100% sure of that)
Paul
More information about the Swan
mailing list