similar to: Impact of cipher and authentication to performance

I am trying to get tinc to use aes-128-cbc for it's encryption algorythm for network traffic. So far, I'm not having any luck. I've tried putting it into the tinc.conf file, and it turns out that tinc is ignoring that code completely. I'm using tinc 1.0.4 (in TCP mode). Openssl version 0.9.7d. I've made some initial investigation into the source, and in net_setup.c I

Hello, I understand that I can use the openssl ciphers and digests available on my systems, i.e. those in the list generated by "openssl list-cipher-commands" and "openssl list-message-digest-algorithms". I want to create a admin vpn network between my servers and my workplace. Network throughput is not a big issue, I am using ssh and the cli, however I would also do

I have a simple pair of nodes set up, connected wirelessly, with tincd 1.0.16 running in switch mode. Setting Cipher and Digest to "none", and Compression to 0, the bridge is still CPU-bound, with most of tincd's CPU time spent in libcrypto. I narrowed it down to this line in net_setup.c: myself->connection->outcipher = EVP_bf_ofb(); It looks as though all outgoing data is

Wow, three threads in two days, I promise to be less loquacious from now on. Anyways, I've decided to run CentOS over Whitebox on my firewall because of the timeliness of updates. Is there some way I can assist in the CentOS effort? It would be nice if there were a "wanted" section on y'all's web site detailing ways to assist with CentOS, if any. --Shawn -- -- Shawn

Hallo, A question about the tinc Cipher= and Digest= values: Do these values absolutely need to be identical on both "sides" for the connection to work? Or does it only affect the outgoing side of the packets but not the receive? For example three nodes, two with ConnectTo= to Hub H, and on host A I have a hosts/H and hosts/B entry with: Cipher=blowfish Digest=sha1 But on host B

Anyone read the rough cuts of this book? I''m interested in checking it out because Bruce Tate''s work is always great. How does it compare to the agile books (2nd edition) in terms of timeliness, difficulty, etc. Thanks! Nathan -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong

<dag at cray.com> writes: > Sean Silva <silvas at purdue.edu> writes: > >>> Really, patches get dropped *all the time* to the point where pings are >>> a regular part of the development process. That's a huge waste of time >>> for everyone. >> >> It's only a waste of time if your workflow is entirely synchronous >> with patch

Hi, i try to etablish unencrypted onnection and have in my config: Cipher=aes But this causes the following error: 2018-05-23 12:08:27 tinc.backbone[14746]: tincd 1.0.31 starting, debug level 5 2018-05-23 12:08:27 tinc.backbone[14746]: Got fatal signal 11 (Segmentation fault) 2018-05-23 12:08:27 tinc.backbone[14746]: Trying to re-execute in 5 seconds... I have no idea what i'm doing

> - I have to *remember* I submitted the patch (not hard, but it is a > cost). If you forgot, the chances are high that the patch was unimportant. I do my development on local git branches, so every time I do `git branch`, I'm reminded. There's really no overhead. > - I have to save that e-mail from llvm-commits so I can refer to it when > the inevitable ping is

>From what I can gather from googling, using rsync over ssh without a cipher is not possible since some changes to the openssh package. ?Is this true? ?I have been using a CPU friendly cipher but feel that it is best to use no cipher at all (secured network). rsync -avxu --progress -e 'ssh -c arcfour128' /path/to/source/ user at server:/path/to/destination/ Thanks in advance!

While compiling openssl with option `no-des', it caused the openssh build failure ... cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); ... Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com> --- cipher.c | 2 ++ configure.ac | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/cipher.c b/cipher.c index

When my client connects, I see this in my log: dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits) Whereas, when client connects to my postfix server, I see: Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) how can I tell dovecot to use AES256, instead of AES128 ? is this set by ssl_cipher_list ? Here are my current

Hello all, I tried to connect to the server that supports protocol 1: # ssh -1 -o "cipher none" remotehost <No valid SSH1 cipher, using 3des instead> As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage. try_challenge_response_authentication() { .... if (options.cipher == SSH_CIPHER_NONE)

Hi, could it be possible to log the TLS cipher suite as Postfix does? This is a typical TLS Dovecot log line: imap-login: Login: user=<user at acme.com>, method=DIGEST-MD5, rip=1.2.3.4, lip=4.3.2.1, mpid=19671, TLS, session=<Jsvr46wt2c1ScQfY> This is the Postfix equivalent postfix/smtp[59723]: Anonymous TLS connection established to mail.acmne.com[1.2.3.4]:25: TLSv1.2 with cipher

Hello, Does anybody know how cam I enable the usage of the 'none' cipher in OpenSSH 4.7 yours, Mihai

We recently upgraded from dovecot 2.2 to 2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher,

> SSL3 is no longer included in the cipher sets. Try this: > > ssl_min_protocol = SSLv3 Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This

Hi, I implemented a patch for porting the Camellia block cipher to one of the OpenSSH-usable cipher. Camellia is one of the approved encryption methods of NESSIE and has specified in several RFCs. I put the patch at: http://www.is.titech.ac.jp/~yanagis0/text/camellia/openssh-4.6p1-0.2.patch in http://www.is.titech.ac.jp/~yanagis0/text/camellia-e.html. I hope you will enjoy this patch and

http://bugzilla.mindrot.org/show_bug.cgi?id=675 Summary: cipher.c error when building against openssl 0.9.5a on Mandrake 7.2 Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: