PCIe NVMe SSD Slow Write Speed

Having recently purchased a Samsung SM961 PCIe MVMe SSD I was shocked to find that my write speeds were only 350MB/s.  I have the SM961 installed in a Lycom DT-129 PCIe card but I only have a x4 PCIe 2.0 slot on my current motherboard.  When I purchased the SM961 I was aware that my speeds would be impacted by the PCIe 2.0 slot but did not anticipate such poor Write speeds.  With it being an OEM product the SM961 also has no drivers supplied and at the time of writing this article Samsung and no other PC manufacturers appear to have posted optimised drivers.  I was aware that Windows 10 provides native NVMe driver support and expected reasonable performance from them.

Unhappy with the Write speeds I started to experiment and eventually found that if I disable windows write cache buffer flush in Device Manager then my Write speeds jump to just over 800MB/s which I can happily live with.

Here are my findings:

The default setting is for Write caching to be enabled and write-cache buffer flushing to be enabledTurnOnWindowsWriteCachebufferflush ASSSDTurnOnWindowsWriteCachebufferflush

I tested with write caching and write cache buffer flushing disabled

TurnOffWindowsWriteCache ASSSDTurnOffWindowsWriteCache

I then tested with write caching enabled and write-cache buffer flushing disabled.

TurnOffWindowsWriteCachebufferflush ASSSDTurnOffWindowsWriteCachebufferflush

I would be interested to hear for you so please do post your feedback or questions.

Disclaimer: Please ensure that you have and maintain a full backup of all your data before making any changes to your system.  These changes may make your system more susceptible to data loss should a power failure occur whilst your system is in operation.

 

Outdated/vulnerable OpenSSL versions 1.0.1e/1.0.1g used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to include/use very old and insecure versions of OpenSSL 1.0.1e (11th February 2013) and 1.0.1g (5th June 2014).

More info about the locations is below:

C:\Program Files\3CX Phone System\Instance1\Bin\libeay32.dll
C:\Program Files\3CX Phone System\Instance1\Bin\ssleay32.dll

1.0.1.7
1.0.1g (5 Jun 2014)

C:\ProgramData\3CX\Bin\SSL\libeay32.dll
C:\ProgramData\3CX\Bin\SSL\ssleay32.dll

1.0.1.5
1.0.1e (11 Feb 2013)

OpenSSL 1.0.1t is the latest release and resolves a number of serious vulnerabilities

https://www.openssl.org/news/openssl-1.0.1-notes.html

This means that 3CX V14 Service Pack 3 is likely to be vulnerable to all of the documented vulnerabilities prior to the 1.0.1t OpenSSL release.  Using an IPS firewall may help to reduce the risk to your system until an updated version of OpenSSL is integrated into 3CX.

Insecure RC4 Cipher Suites and 56-bit encryption Enabled in 3CX V14 SP3

RC4 cipher suite is still enabled in Abyss Web Server X2 (Version 2.9.3.6) that is supplied with 3CX Version 14 Service Pack 3.

Version 2.11 of Abyss Web server X2 that was released on 5th April 2016 disabled the obsolete RC4 cipher suite as per RFC7465.
 
Abyss Web Server X2 in 3CX Version 14 Service Pack 3 also negotiates TLS_RSA_WITH_DES_CBC_SHA which is only a 56-bit key and is considered insecure.
3CX support have provided a workaround for this
You may edit the ciphers configured in Abyss by doing the following:
– on 3CX server, open a browser and go to http://127.0.0.1:9999, login with admin/admin
– change Ciphers dropdown to “Custom Ciphers Specification”
– replace RC4-SHA:HIGH:MEDIUM:LOW:DEFAULT:-EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
with HIGH:MEDIUM:LOW:DEFAULT:-EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!TLS_RSA_WITH_DES_CBC_SHA:!RC4:!DES-CBC-SHA
– validate, clicking OK on each screen until you are back to the webserver homepage then click Restart button.

Outdated and vulnerable PostgreSQL version 9.2.4 used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to include/use a very old and insecure PostgreSQL version 9.2.4 (released 04-04-2013).

There have been at least 13 releases since 9.2.4, the latest being 9.2.17 which have resolved the following vulnerabilities: CVE-2014-0066, CVE-2014-0065, CVE-2014-0064, CVE-2014-0063, CVE-2014-0062, CVE-2014-0061, CVE-2014-0060, CVE-2014-0067, CVE-2014-8161, CVE-2015-0244, CVE-2015-0243, CVE-2015-0242, CVE-2015-0241, CVE-2015-3167, CVE-2015-3166, CVE-2015-3165, CVE-2015-5288 and CVE-2016-0773
This means that 3CX V14 Service Pack 3 is likely to be vulnerable to all of the above vulnerabilities.  Using an IPS firewall may help to reduce the risk to your system until an updated version of PostgreSQL is integrated into 3CX.

IT – Software and Hardware Support Resources