Last active
March 20, 2021 15:18
-
-
Save tolgahanakgun/a6288cf8ce36b06457e354d7068eea37 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Linux rock64 4.4.167-1213-rockchip-ayufan-g34ae07687fce #1 SMP Tue Jun 18 20:44:49 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux | |
rock64@rock64:~$openssl speed -aead -evp aes-128-gcm | |
rock64@rock64:~$openssl speed -aead -evp aes-256-gcm | |
rock64@rock64:~$openssl speed -aead -evp chacha20-poly1305 | |
type 2 bytes 31 bytes 136 bytes 1024 bytes 8192 bytes 16384 bytes | |
---- ------- -------- --------- ---------- ---------- ----------- | |
aes-128-gcm 2326.81k 29137.11k 108788.53k 360005.63k 482115.58k 492399.27k | |
aes-256-gcm 2256.78k 28163.19k 102470.97k 320374.44k 420995.35k 423843.16k | |
chacha20-poly1305 807.76k 11608.37k 32482.65k 129967.34k 167075.84k 169951.23k | |
SO, This order ciphersuite order is more performant in Apache: | |
SSLHonorCipherOrder On | |
SSLProtocol -all +TLSv1.3 +TLSv1.2 | |
SSLCipherSuite SSL ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305 | |
SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | |
# Remove all pre-existing keys in the rock64 and regenerate | |
sudo rm /etc/ssh/ssh_host* | |
sudo ssh-keygen -A | |
# Cipher suite selection for sshd on Rock64 | |
# Add these lines at the end of /etc/ssh/sshd_config file | |
Ciphers aes128-ctr,aes192-ctr,aes256-ctr | |
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss | |
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256 | |
MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment