Hello, I tried to optimize ssh server and client config to minimize the ssh connection time while keeping things resonably secure. I observed that timing of `ssh vm true` when running against a VM on my laptop was at least 50% times slower when using curve25519-sha256 compared with diffie-hellman-group-exchange-sha256. With openssh 6.6p1 on both a client and server the best timing when running ssh -o Ciphers=aes128-gcm@xxxxxxxxxxx -o KexAlgorithms=diffie-hellman-group-exchange-sha256 vm-name true was 95ms while the best result for ssh -o Ciphers=aes128-gcm@xxxxxxxxxxx -o KexAlgorithms=curve25519-sha256@xxxxxxxxxx vm-name true was 140ms with much greater deviation among results so on average it run 2 times slower. Is it just an artifact of less optimized implementation or is this inherited in 25519 design? Also, could rather significant variation in results be used to learn how busy the box is or this is normal as key exchange timing is variable by design? _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev