SMB3 encryption performance

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Feb 14 03:48:44 MST 2015

On Fri, Feb 13, 2015 at 10:29:27PM -0500, Michael Ledford wrote:
> I've been investigating the performance of using a SMB3 encrypted
> connection. Given the performance vs non-encrypted connections it seems
> that encryption isn't being offloaded to CPU supported AES-NI. I found a
> list message that indicates that AES encryption is performed by GSSAPI and
> states that it should be up to the system libraries to provide support. <
> However, giving a terse look at the source it appears that AES functions
> are provided.

That's correct, right now we don't use any hardware assisted
AES. We do need this as a fallback for CPUs that don't have
the instructions, but we did not yet get around to code the
CPU specific pieces.

My preferred way would be to do this via some kind of
library. As Simo just pointed out, there's a ton of crypto
libraries around, and I don't have a clue which one to

Any opinions?


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt at

More information about the samba-technical mailing list