When testing chacha20-poly1305, I noticed that aes-gcm is significantly
faster than aes-ctr or aes-cbc with umac.  Even on systems w/o aes-ni
or other recent instruction set additions.

And there seems to be consensus in the crypto community that AEAD
ciphers are the way forward.

As such, promoting the AEAD ciphers to the head of the preference list
looks like a good idea.

That would mean either:

#define KEX_DEFAULT_ENCRYPT \
	AESGCM_CIPHER_MODES \
	"chacha20-poly1305@openssh.com," \
	"aes128-ctr,aes192-ctr,aes256-ctr," \
	"arcfour256,arcfour128," \
	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"

or:

#define KEX_DEFAULT_ENCRYPT \
	"chacha20-poly1305@openssh.com," \
	AESGCM_CIPHER_MODES \
	"aes128-ctr,aes192-ctr,aes256-ctr," \
	"arcfour256,arcfour128," \
	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"

The fact that AESGCM_CIPHER_MODES expands to "" when compiled against
versions of openssl which lack EVPGCM may put a damper in that, but
perhaps it still seems better to use whichever AEADs are available
whenever they are available.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6
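
Why the position in the list matters, as an added example that is not part of the original message or of OpenSSH's code: RFC 4253 section 7.1 selects the first cipher on the client's list that the server also offers. The GCM names assumed for AESGCM_CIPHER_MODES, the shortened tail, the helper names and the server lists are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed expansion of AESGCM_CIPHER_MODES when OpenSSL has GCM; "" otherwise. */
#define GCM_MODES "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
/* Tail of the first proposed ordering, cut after the CTR modes for brevity. */
#define TAIL "chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr"
#define LIST_WITH_GCM GCM_MODES TAIL
#define LIST_NO_GCM "" TAIL

/* Return 1 if name (n bytes) is an element of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t n)
{
	while (*list) {
		size_t len = strcspn(list, ",");
		if (len == n && memcmp(list, name, n) == 0)
			return 1;
		list += len;
		if (*list == ',')
			list++;
	}
	return 0;
}

/* RFC 4253 7.1: the first name on the client list that the server also
 * lists wins. Returns a static buffer, or NULL if there is no common cipher. */
const char *choose_cipher(const char *client, const char *server)
{
	static char out[64];
	while (*client) {
		size_t len = strcspn(client, ",");
		if (len > 0 && len < sizeof(out) && in_list(server, client, len)) {
			memcpy(out, client, len);
			out[len] = '\0';
			return out;
		}
		client += len;
		if (*client == ',')
			client++;
	}
	return NULL;
}

int main(void)
{
	/* Constructed server lists; the server's own order does not matter. */
	printf("GCM built in: %s\n", choose_cipher(LIST_WITH_GCM, "aes128-ctr,aes128-gcm@openssh.com"));
	printf("GCM missing:  %s\n", choose_cipher(LIST_NO_GCM, "aes128-ctr,aes128-gcm@openssh.com"));
	return 0;
}
```

With the empty expansion the client never offers GCM, so the same server falls through to the next common entry on the client's list.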