Skip to content
This repository has been archived by the owner on Nov 18, 2022. It is now read-only.

Remove suggestion about RC4 cipher #611

Closed
hugbug opened this issue Feb 28, 2019 · 1 comment
Closed

Remove suggestion about RC4 cipher #611

hugbug opened this issue Feb 28, 2019 · 1 comment
Milestone

Comments

@hugbug
Copy link
Member

hugbug commented Feb 28, 2019

Settings page of web-interface suggests RC4-MD5 as fastest cipher. This is not true for modern CPUs with hardware support for AES.

The settings page should be updated to reflect that. The same applies to article Choosing Cipher.

@animetosho
Copy link

Hi, I thought I'd bring this up as there was some discussion around this topic.

I note that the page now mentions AES128-SHA or AES256-SHA (though you actually tested AES128 in your benchmark here and found that to be fastest).

My general recommendation would be:

  • AES128 for most users
  • CHACHA20:RC4-MD5 if running an old CPU without AES acceleration. This may not work (CHACHA20 has low adoption and not available in OpenSSL 1.0.1, and RC4-MD5 is removed in OpenSSL 1.0.2 (?) or later), so if it doesn't, AES128+SHA (note the + instead of -) is probably the best bet
  • I don't know about GnuTLS, but OpenSSL is generally faster from experience (may no longer be true, I've done no testing with GnuTLS in the last few years). If my presumption holds true, performance conscious users may wish to use OpenSSL instead

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants