[Pkg-swan-devel] Bug#849816: Enable AES hardware acceleration (AES-NI)
Dan Guido
dguido at gmail.com
Sat Dec 31 13:06:43 UTC 2016
Package: strongswan
Version: 5.5.1-2
Severity: wishlist
Please enable AESNI support via the --enable-aesni flag.
AES must be accelerated to run strongSwan at acceptable speeds on very
low resourced cloud providers. strongSwan includes support for
specialized CPU instructions available on most x86 and amd64
processors to accelerate AES. This feature is only used if the
supported CPU instructions are present.
Enabling this feature will help a larger population of users to take
advantage of strong crypto to protect their communications.
This feature must be enabled via the --enable-aesni configuration option [1]:
--enable-aesni
enable Intel AES-NI crypto plugin [ no ]. Since 5.3.1.
This is the official description of the feature [2]:
The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
instructions and works on both x86 and x64 architectures. It provides
superior crypto performance in userland without any external libraries.
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf
[2] https://wiki.strongswan.org/versions/56
Thanks!
More information about the Pkg-swan-devel
mailing list