View Issue Details

ID: 0001071
Project: bareos-core
Category: director
View Status: public
Last Update: 2019-12-18 15:24
Reporter: beren
Assigned To: arogge
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: no change required
Platform: Linux
OS: Debian
OS Version: 8
Product Version: 18.2.5
Summary: 0001071: bareos is preferring chacha cipher for all comms even on devices with aes-ni
Description: bareos is preferring chacha cipher for all comms even on devices with aes-ni, which is far slower and takes up far more cpu. Chacha should not be used unless one of the components does not have aes-ni support.
Steps To Reproduce: default, none needed
Tags: No tags attached.

Activities

arogge

2019-04-02 11:37

manager   ~0003309

If you don't configure Bareos it will use the system's default cipherlist.
Do you see ciphers and/or a cipher order that is not your system's default setting?

beren

2019-04-02 14:03

reporter   ~0003310

My system has nothing set anywhere, and I could not find any documentation on how to set it for bareos. At least there should be a commented out section in the config that shows how to do it. This is all new with the tls-psk feature.

arogge

2019-04-02 14:31

manager   ~0003311

The system's default cipher list is what "openssl ciphers" returns. This is the default that any openssl based application uses unless it configures its cipherlist.

Having said that, you can configure this list of ciphers with the TlsCipherList option.
You're right that the documentation for TlsCipherList can be improved a lot (i.e. it is not currently documented).
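
A way to check the cipher order discussed in this thread, as an added example (not part of the thread and not Bareos project code): it reports which of ChaCha20 or AES-GCM comes first in the list "openssl ciphers" returns, whether the CPU advertises the aes flag, and prints the same list with the ChaCha20 suites moved last. The function names and the sample list are constructed for illustration, and it is an assumption that TlsCipherList accepts a list in this OpenSSL format.

```shell
#!/bin/sh
# Added example: inspect the OpenSSL default cipher order discussed above.

# Constructed sample list, used only when the openssl binary is not available.
SAMPLE_LIST="ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384"

# Print "chacha", "aes" or "none": the family of the first ChaCha20 or
# AES-GCM suite in a colon-separated OpenSSL cipher list ($1).
first_family() {
    printf '%s\n' "$1" | tr ':' '\n' | awk '
        /CHACHA20/ { print "chacha"; found = 1; exit }
        /AES.*GCM/ { print "aes";    found = 1; exit }
        END { if (!found) print "none" }'
}

# Move every ChaCha20 suite in the list ($1) to the end, keeping the
# relative order of all other suites and of the ChaCha20 suites themselves.
prefer_aes() {
    printf '%s\n' "$1" | tr ':' '\n' | awk '
        /CHACHA20/ { late = late sep2 $0; sep2 = ":"; next }
        NF         { early = early sep1 $0; sep1 = ":" }
        END { if (early != "" && late != "") early = early ":"; print early late }'
}

# Return 0 if the cpuinfo text ($1) has "aes" on an x86 "flags" line.
cpu_has_aes() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:.*[[:space:]]aes([[:space:]]|$)'
}

# Report for this host; fall back to the constructed sample without openssl.
default_list=""
if command -v openssl >/dev/null 2>&1; then
    default_list=$(openssl ciphers 2>/dev/null || true)
fi
[ -n "$default_list" ] || default_list=$SAMPLE_LIST
echo "first AEAD family in list: $(first_family "$default_list")"
echo "ChaCha20 moved last:       $(prefer_aes "$default_list")"
if [ -r /proc/cpuinfo ] && cpu_has_aes "$(cat /proc/cpuinfo)"; then
    echo "CPU advertises the aes flag"
else
    echo "no aes flag found (or /proc/cpuinfo not readable)"
fi
```

Run it on each host that runs a Bareos daemon, since the default list depends on the OpenSSL build installed on that host.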

Issue History

Date Modified Username Field Change
2019-03-28 20:08 beren New Issue
2019-04-02 11:37 arogge Assigned To => arogge
2019-04-02 11:37 arogge Status new => feedback
2019-04-02 11:37 arogge Note Added: 0003309
2019-04-02 14:03 beren Note Added: 0003310
2019-04-02 14:03 beren Status feedback => assigned
2019-04-02 14:31 arogge Note Added: 0003311
2019-04-11 09:08 arogge Status assigned => resolved
2019-04-11 09:08 arogge Resolution open => no change required
2019-12-18 15:24 arogge Status resolved => closed