SMB3 encryption performance
simo at samba.org
Sat Feb 14 15:04:25 MST 2015
On Sat, 2015-02-14 at 11:48 +0100, Volker Lendecke wrote:
> On Fri, Feb 13, 2015 at 10:29:27PM -0500, Michael Ledford wrote:
> > I've been investigating the performance of using a SMB3 encrypted
> > connection. Given the performance vs non-encrypted connections it seems
> > that encryption isn't being offloaded to CPU supported AES-NI. I found a
> > list message that indicates that AES encryption is performed by GSSAPI and
> > states that it should be up to the system libraries to provide support. <
> > https://lists.samba.org/archive/samba-technical/2013-May/092081.html>
> > However, giving a terse look at the source it appears that AES functions
> > are provided.
> That's correct, right now we don't use any hardware assisted
> AES. We do need this as a fallback for CPUs that don't have
> the instructions, but we did not yet get around to code the
> CPU specific pieces.
> My preferred way would be to do this via some kind of
> library. As Simo just pointed out, there's a ton of crypto
> libraries around, and I don't have a clue which one to
> Any opinions?
The best hardware assisted code afaik is found in OpenSsl (usually the
first to get any support) or NSS libraries, all others trail if they
have any HW support at all.
More information about the samba-technical