tcp md5 / ipsec nifty detail...

- when you do not have tcp md5 or ipsec in place, big tcp windows are risky
- so we stay at the default 16k window
- unless you have tcp md5 or ipsec, then you get 64k
- if the kernel gives us 64k, of course. we deny big socket buffers if there is kernel memory starvation, but that is a rare case and then this can save your ass
- conclusion: ipsec improves performance :)
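The policy above, sketched as an added example (not code from the original slide or from any particular daemon). The names `rcvbuf_target` and `rcvbuf_apply` and the `authenticated` flag are hypothetical; 16k and 64k are the figures from the text, and `ENOBUFS` is assumed to be how the kernel signals memory starvation.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define WIN_DEFAULT 16384	/* the text's "default 16k window" */
#define WIN_BIG     65536	/* the text's "64k" */

/* Policy only: the largest receive buffer we are willing to request.
 * A wider window accepts a wider range of sequence numbers, so it is
 * only allowed when segments are authenticated (tcp md5 or ipsec). */
int
rcvbuf_target(int authenticated)
{
	return authenticated ? WIN_BIG : WIN_DEFAULT;
}

/* Apply the policy to a TCP socket before connect()/listen().
 * Returns the request the kernel accepted, 0 if the default buffer
 * was left untouched, or -1 on a hard error such as a bad descriptor. */
int
rcvbuf_apply(int fd, int authenticated)
{
	int want = rcvbuf_target(authenticated);

	while (want > WIN_DEFAULT) {
		if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &want, sizeof(want)) == 0)
			return want;	/* the kernel gave us this much */
		if (errno != ENOBUFS)
			return -1;
		want /= 2;		/* memory starvation: ask for less */
	}
	return 0;			/* unauthenticated, or fell back to default */
}

int
main(void)
{
	int fd = socket(AF_INET, SOCK_STREAM, 0);

	if (fd < 0)
		return 1;
	printf("no auth:        %d\n", rcvbuf_apply(fd, 0));
	printf("tcp md5/ipsec:  %d\n", rcvbuf_apply(fd, 1));
	close(fd);
	return 0;
}
```

The return value is the size that was requested and accepted; the kernel may round or cap the buffer it actually allocates, which `getsockopt(SO_RCVBUF)` would show.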