Date:      Sun, 6 Feb 2011 08:42:27 -0500
From:      Bill Moran <>
To:        kellyremo <>
Cc:        FreeBSD <>
Subject:   Re: OpenSSH could be faster...then why don't they path it??
Message-ID:  <>
In-Reply-To: <>
References:  <>

In response to kellyremo <>:

> "SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwidth network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack."
> My question is: So why does the original OpenSSH have "limited statically defined internal flow control buffers"?? It could be way faster, even 10x!!

Because it's unstable?:

"If you are experiencing disconnects due to a failure in
buffer_append_space please let us know. We're currently tracking some
problems with this and we're trying to gather more information to help
resolve it."

Also, I'm having trouble understanding how people like that get grants
to do work like that.  On the one hand, they obviously know enough about
cryptography to make improvements.  On the other hand, they can't seem
to get a grip on the fact that the code will need to have a license
before anyone can grab it and incorporate it.  I can't find anywhere on
that page where it tells me what terms I am allowed to use those patches

Also, it would be nice if those folks kept track of dates.  Like, how long
have those patches been available?  There's not a single date on any of
those pages or the files involved.  The reason I point this out is because
OpenSSL is _extremely_ sensitive software.  I don't want to see any
large changes to it released until they've been in testing for months,
if not years.  For all we know, these speed improvements are riddled with
dozens of security flaws.

Also, any reason why you're asking these questions of FreeBSD and not of
the OpenSSL project?

Bill Moran
