3.2.3. OpenSSL Intel AES-NI Engine

The Intel Advanced Encryption Standard (AES) New Instructions (AES-NI) engine is available for certain Intel processors, and allows for extremely fast hardware encryption and decryption.


For a list of Intel processors that support the AES-NI engine, refer to: Intel's ARK.
The AES-NI engine is automatically enabled if the detected processor is among the supported ones.
To check if the engine is enabled, run the following command as the root user:
openssl engine -c -tt
To test its speed, run the following command as root:
openssl speed aes-128-cbc
To test the speed of OpenSSH you can run a command like the following:
~]# dd if=/dev/zero count=100 bs=1M | ssh -c aes128-cbc localhost "cat >/dev/null"
root@localhost's password: 
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 4.81868 s, 21.8 MB/s
You can find out more about the AES-NI engine at the following URL: http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/.