![]() ![]() I intentionally skipped the ciphers with key length less than 128 bit (DES(56), RC2(40), etc.) they cannot be considered secure nowadays. Lets write down all Enc and Mac algorithms listed in the table:Įnc: AES(256), 3DES(168), AES(128), RC2(128), RC4(128). Now we must choose a cipher suite with the fastest Enc and Mac ciphers. Kx (key exchange) and Au (authentication) are performed only during the establishing connection and are therefore not relevant for performance.Įnc (encryption algorithm) and Mac (message authentication code algorithm) are used to encrypt/decrypt the data stream and have direct impact on performance. It is for SSL version 3, the key exchange algorithm ( Kx) is DH, the authentication algorithm ( Au) is RSA, the encryption algorithm ( Enc) is AES(256), the message authentication code algorithm ( Mac) is SHA1. ![]() This cipher suite name is DHE-RSA-AES256-SHA. Some cipher suits can be used in both SSL versions and therefore have two rows in the list for the same cipher suite name.Ĭolumn Kx is the algorithm used for key exchange.Ĭolumn Au is the algorithm for authentication.Ĭolumn Enc is the bulk encryption algorithm used to encrypt the message stream.Ĭolumn Mac is the message authentication code (MAC) algorithm used to create the message digest, a cryptographic hash of each block of the message stream.įor example take a detailed look at the first row The second column indicates the SSL version (v2 or v3) where the cipher suite can be used. This name must be used in NZBGet in option ServerX.Cipher. RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5ĮDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1ĮDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1ĭES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1ĭES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5ĮXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 exportĮXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 exportĮXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 exportĮXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 exportĮXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 exportĮXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 exportĮXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 exportįirst column is the cipher suite name. RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 If NZBGet was compiled to use openssl ciphers -vĭHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1ĭHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1ĪES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1ĮDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1ĮDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1ĭES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1ĭES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5ĭHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1ĭHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1ĪES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 To use this cipher in NZBGet set option ServerX.Cipher to: Most tests show that the encryption/hash combination RC4/MD5 is the fastest on all machines ( NOTE: this is summary from original article written in 2015, for updates see below). Many users have followed these instructions. This should give you an idea how important the option is. NZBGet provides an option ServerX.Cipher to manually select a cipher.Įxample: on my SAT Receiver Vu+ choosing cipher RC4 has increased the speed from 2500KB/s to 3800KB/s. This cipher however may not give the best performance on your particular computer. By default the most secure cipher is selected. During TLS Handshake the client (NZBGet) and the server (news server) choose the cipher for communication. When a TLS/SSL connection is created the so called TLS Handshake process is performed. The library can be selected during configuration step of building NZBGet. NZBGet can use two TLS/SSL libraries: OpenSSL and GnuTLS. The ciphers distinguish in algorithms and key lengths. TLS/SSL specification defines many possible ciphers which can be used to encrypt data. When an encrypted communication with news server (option ServerX.Encryption) is active NZBGet and the news server use TLS/SSL protocol to exchange data in a secure way. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |