[pve-devel] default ciphers ssh tunnel for migration?
Alexandre DERUMIER
aderumier at odiso.com
Tue May 30 17:18:37 CEST 2017
Hi,
I just notice:
/usr/share/perl5/PVE/Cluster.pm
sub setup_rootsshconfig {
if (my $fh = IO::File->new($rootsshconfig, O_CREAT|O_WRONLY|O_EXCL, 0640)) {
# this is the default ciphers list from debian openssl0.9.8 except blowfish is added as prefered
print $fh "Ciphers blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n";
close($fh);
}
}
Any reason to still use blowfish-cbc ? I think aes should be faster with hardware acceleration.
also, maybe could we add chacha20-poly1305 to the ciphers list, it's fast too when aes is not available in hardware.
More information about the pve-devel
mailing list