Please don't mix multiple questions into one thread.

Sorry, my bad.

Tor does not implement crypto itself (mostly) and relies on a cryptolibrary (which is OpenSSL/LibreSSL/etc) instead. Thus you should check if AES-NI is enabled in your cryptolibrary.

An excerpt from StackOverflow answer [1] about it:

$ openssl speed -elapsed -evp aes-128-cbc

$ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

"Output of the first line should be significantly faster than the second." If there is no AES-NI enabled in "OpenSSL" these two should give similar results.

I couldn't do that test. OpenSSL was not installed. After I installed it I could perform that test and it was positive. Here is the output:

$ openssl speed -elapsed -evp aes-128-cbc You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 33370007 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 13118341 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 3915543 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 1029134 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 130438 aes-128-cbc's in 3.00s OpenSSL 1.0.1t 3 May 2016 built on: Fri Sep 23 17:53:23 2016 options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 177973.37k 279857.94k 334126.34k 351277.74k 356182.70k

$ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 6232419 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 1776077 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 454887 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 114409 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 14327 aes-128-cbc's in 3.00s OpenSSL 1.0.1t 3 May 2016 built on: Fri Sep 23 17:53:23 2016 options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 33239.57k 37889.64k 38817.02k 39051.61k 39122.26k

But it is a little confusing for me because there is this line in the logs:

Tor 0.2.9.8 (git-a0df013ea241b026) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.

From that I thought Tor used already OpenSSL but it wasn't installed. :S

I bought this board with this CPU (incl. AES-NI support) because I thought it would give a benefit.

N.B. AES-NI is not a feature of*motherboard* - it's CPU instructions (NI stands for "New Instructions").

I simply forgot that. ;)

Cheers, Patrice