Guess enough folks complained for them to change their direction on this.
pfSense 2.5.0 Development Snapshots Now Available
pfSense 2.5.0 Development Snapshots Now Available
pfSense 2.5 does not require AES-NI for now...
- Thread starter nthu9280
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
My understanding is that they're delaying implementing their new RESTful front/back end and so they're pushing the AES-NI requirement out to 2.6 when that drops. The whole point of the AES-NI requirement was to ensure that communication between their new Node.js UI and their RESTful C backend was immune to side-channel attacks against software AES.
They really don't give much of a **** about community feedback unless that feedback comes from paying customers and, largely, those customers are already running AES capable hardware that they've purchased from Netgate so there's no real incentive to implement secure AES in software.
I'm a bit cranky that perfectly good machines like the ubiquitous dual/quad gigabit J1900 won't be able to run the project post 2.6 but at the same time it's a great opportunity for a chunk of the community to move to another routing project that isn't run by Netgate.
I thought Netgate still sells HW that are not AES capable. I'm guessing that and the input from the partner ecosystem may also have played a role in the delay.