On Fri, 2019-04-05 at 20:45 +0000, David Woodhouse wrote: > > > > Cat /proc/crypto | grep module > > > > includes the output "module : aesni_intel > > > > Does that mean "yes?" > > > > If "not necessarily," let me know how to query that. > > It means the hardware does. Not necessarily the particular piece of > software we care about though. > > > (and just an academic question: Is GnuTLS involved in ESP > > traffic? Or is > > that only SSL?) > > Yes, we use the crypto library for that. I'm insane, but not insane > enough to do my own crypto. you can verify which cpu optimizations are enabled either when running openconnect or gnutls-cli benchmark by exporting GNUTLS_DEBUG_LEVEL=3 prior to running it. You'll see something like: gnutls[2]: Enabled GnuTLS 3.6.7 logging... gnutls[2]: getrandom random generator was detected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator (AVX) was detected regards, Nikos _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
