18.7.1 Call for Testing #134
rapier1
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello all,
We have a new version coming out shortly and if we could get some real world testing I'd appreciate it. You can get this from our git repo in the dev_minor branch.
There are 2 main changes since 18.7.0.
This is for use on dual stack systems meaning that they have both IPv4 and IPv6 TCP stacks. When enabled this option will try to connect to the target over both IPv4 and IPv6 with preference given to IPv6. This preference is created by giving IPv6 a 250ms head start over the IPv4 connection. Users can change this with the HappyDelay option. The first connection that completes successfully will be used. Any outstanding connection attempts will be closed. As of version 18.7.1 this option should be considered somewhat experimental.
usage:
-oHappyEyes=[Yes|No] will enable Happy Eyeballs. The default is no.
-oHappyDelay=[N] where N is a positive integer expressed in
milliseconds. The default value of 250ms is
suggested by RFC 8305.
FIPS Mode and Parallel Ciphers
Using HPN-SSH in operating systems working in FIPS mode (e.g. RHEL with FIPS enabled) preclude the use of parallel ciphers. This is because the parallel AES-CTR implementation is not FIPS certified and will cause FIPS to exit with an error when loaded. In the case of the parallel ChaCha20 cipher the algorithm itself has not been FIPS certified and no implementation of ChaCha20 should be allowed in FIPS mode. We suggest the use of the AES-GCM cipher when operating under FIPS mode for optimal performance. This is behaviour is not user adjustable.
Minor Changes
The 64bit XOR method used in AES-CTR-MT was causing undefined behaviour. We have reduce the maximum bit size of an XOR to 32 bits until we develop a better XOR method. XORing is one of those things that can have an outsized impact on performance so please let us know if you see any noticeable performance hit. Also, if anyone wants to solve the XOR issue for us we'd love the help. Various changes have been made to the CI system on github and we've changed some minor parts of the regression test suites.
For those that only use the DynamicWindow branch there are no changes at this time.
Thanks!
Chris
Beta Was this translation helpful? Give feedback.
All reactions