chisel icon indicating copy to clipboard operation
chisel copied to clipboard
verified publisher icon jpillora

How to disable the encryption to improve performance?

Open NavpreetDevpuri opened this issue 3 years ago • 6 comments

As mentioned in this #347, It is slow because of encryption. I don't have any security concerns as the user only use HTTPS, and the user is well aware of security. So, is there any way to just disable the encryption in order to improve performance? what changes should I make in the code? Is not it better to have some options like --disable-encryption that also show some warnings about security?

NavpreetDevpuri avatar Oct 14 '22 05:10 NavpreetDevpuri

I don’t think it’s the encryption that slows it down, I believe it’s the SSH protocol overhead combined with a lack of performance tuning throughout the code base

Feel free to benchmark though, you might be able to edit the code to use a null cipher - this will likely require forking the ssh package too…

On Fri, 14 Oct 2022 at 4:31 pm Navpreet Singh Devpuri < @.***> wrote:

As mentioned in this #347 https://github.com/jpillora/chisel/issues/347, It is slow because of encryption. I don't have any security concerns as the user only use HTTPS, and the user is well aware of security. So, is there any way to just disable the encryption in order to improve performance? what changes should I make in the code?

— Reply to this email directly, view it on GitHub https://github.com/jpillora/chisel/issues/384, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE2X46KVB3OY2A2SX5I73LWDDV4LANCNFSM6AAAAAARE4YELA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

jpillora avatar Oct 14 '22 05:10 jpillora

@jpillora Thanks for the quick reply, I will try.

NavpreetDevpuri avatar Oct 14 '22 06:10 NavpreetDevpuri

It is slow because of encryption

No, that is not right like this. It is mostly slow because of the encapsulation of multiple protocols which generates quite some overhead. TLS is not adding much overhead to that.

SuperSandro2000 avatar Oct 23 '22 01:10 SuperSandro2000

I does understand this Issue - to have an option to disable SSH (and leave TLS / HTTPS / WebsocketS).

Is this possible?

genofire avatar Dec 15 '22 01:12 genofire

No SSH provides connection multiplexing (virtual TCP in TCP)

On Thu, 15 Dec 2022 at 12:10 pm genofire @.***> wrote:

I does understand this Issue - to have an option to disable SSH (and leave TLS / HTTPS / WebsocketS).

Is this possible?

— Reply to this email directly, view it on GitHub https://github.com/jpillora/chisel/issues/384#issuecomment-1352429065, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE2X476F3Y5KQJVIXMK4QLWNJVY5ANCNFSM6AAAAAARE4YELA . You are receiving this because you were mentioned.Message ID: @.***>

jpillora avatar Dec 15 '22 01:12 jpillora

To anyone looking for alternative, might i suggest https://github.com/rapiz1/rathole. It support tunneling via websocket. From my brief benchmark using iperf3, it can attain almost 2x the bandwith of ssh tunnel.

rucciva avatar Oct 17 '23 12:10 rucciva