This documents compares network transfer speed of each cipher, which was measured on 3 CPU types, to help to determine which cipher should be set to the GLOBUS_GSSAPI_CIPHERS environment vairable. Please see gfarm_environ(7) man page for the GLOBUS_GSSAPI_CIPHERS setting.
bio type | cipher type | speed [Mbps] | note | ||
---|---|---|---|---|---|
Xeon E5-2695 | Xeon X5670 | Opteron 2218 | |||
socket | plain text | 12070 | 5510 | 940 | insecure |
ssl | AES128-GCM-SHA256 | 4180 | 2270 | 410 | |
ssl | AES256-GCM-SHA384 | 3890 | 2200 | 330 | |
ssl | NULL-MD5 | 2640 | 1810 | 940 | no encryption |
ssl | AES128-SHA | 2630 | 1630 | 640 | |
ssl | RC4-MD5 | 2440 | 1630 | 940 | too weak |
ssl | AES256-SHA | 1840 | 1590 | 560 | |
ssl | RC4-SHA | 1820 | 1300 | 940 | too weak |
cipher | aes-128-cbc | 1740 | 2080 | 900 | no message authentication |
cipher | aes-192-cbc | 1640 | 1910 | 810 | no message authentication |
cipher | aes-256-cbc | 1540 | 1770 | 750 | no message authentication |
ssl | NULL-SHA256 | 1350 | 980 | 790 | no encryption |
ssl | AES128-SHA256 | 950 | 850 | 510 | |
ssl | AES256-SHA256 | 950 | 820 | 450 | |
ssl | CAMELLIA128-SHA | 760 | 690 | 580 | |
cipher | bf-cbc | 750 | 670 | 620 | no message authentication |
ssl | CAMELLIA256-SHA | 620 | 580 | 520 | |
ssl | IDEA-CBC-SHA | 500 | 440 | 310 | |
ssl | SEED-SHA | 400 | 410 | 370 | |
ssl | DES-CBC3-pMD5 | 160 | 170 | 150 |
cpu type | clock [GHz] | released year | micro architecture | AES-NI instruction set | network type |
---|---|---|---|---|---|
Xeon E5-2695 | 2.40 | 2013 | Ivy Bridge-EP | yes | InfiniBand |
Xeon X5670 | 2.93 | 2010 | Westmere | yes | InfiniBand |
Opteron 2218 | 2.60 | 2007 | Istanbul | no | 1000BASE-T |
NOTE:
What you can set to the GLOBUS_GSSAPI_CIPHERS environment variable is
one of the cipher types which "bio type" is "ssl".
NOTE:
Usually, AES256-GCM-SHA384 is used as the default cipher type.