"Cipher = none" doesn't seem to be working properly
Brian Prodoehl
bprodoehl at gmail.com
Sun Aug 7 16:57:31 CEST 2011
I have a simple pair of nodes set up, connected wirelessly, with tincd
1.0.16 running in switch mode. Setting Cipher and Digest to "none",
and Compression to 0, the bridge is still CPU-bound, with most of
tincd's CPU time spent in libcrypto. I narrowed it down to this line
in net_setup.c:
myself->connection->outcipher = EVP_bf_ofb();
It looks as though all outgoing data is encrypted with blowfish,
regardless of the Cipher setting. I pulled that assignment of
outcipher up to match what happens with incipher, and then my bridge
throughput doubled and tincd is no longer spending all that time in
libcrypto. I didn't have a chance to test other Cipher settings, so
what I did may completely break encryption. How should outcipher be
set?
-Brian
More information about the tinc
mailing list