SMB3 encryption performance

Michael Ledford michael at
Sat Feb 14 13:41:46 MST 2015

On Sat, Feb 14, 2015 at 5:48 AM, Volker Lendecke
<Volker.Lendecke at> wrote:
> On Fri, Feb 13, 2015 at 10:29:27PM -0500, Michael Ledford wrote:
> > I've been investigating the performance of using a SMB3 encrypted
> > connection. Given the performance vs non-encrypted connections it seems
> > that encryption isn't being offloaded to CPU supported AES-NI. I found a
> > list message that indicates that AES encryption is performed by GSSAPI and
> > states that it should be up to the system libraries to provide support. <
> >>
> > However, giving a terse look at the source it appears that AES functions
> > are provided.
> That's correct, right now we don't use any hardware assisted
> AES. We do need this as a fallback for CPUs that don't have
> the instructions, but we did not yet get around to code the
> CPU specific pieces.
> My preferred way would be to do this via some kind of
> library. As Simo just pointed out, there's a ton of crypto
> libraries around, and I don't have a clue which one to
> choose.
> Any opinions?

There are a few libraries that can provide CPU optimization for AES.
Here are a few which might fit.

If you are looking for a C based library then libgcrypt
<> might be a good choice.

If you don't mind C++ then either Botan <>
or Crypto++ <> might be a good choice.


More information about the samba-technical mailing list