SecureBlackbox 16: Why is the speed of my SFTP transfer slow compared to WS_FTP or FileZilla?

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

This entry provides details on factors that can affect SFTP transfer speed, as well as some quick fixes.

  • The common speed for SSH and SFTP data transfer is around 1-1.5 Mb/sec. It is limited by the encryption speed and several layers of data copying and processing (during SSH tunneling). Compare this with an FTP transfer, where the data is sent over a dedicated socket unaltered, and SFTP file transfer, where each chunk of data is wrapped several times (and unwrapped back on the other side).

  • Different encryption algorithms have different speeds. This is caused by the number of calculations needed to encrypt the block and by the block size. To compare SSH encryption algorithms, DES and 3DES are very slow, RC4 is the fastest, and AES is relatively fast. Encryption algorithms can be enabled and disabled using the EncryptionAlgorithms property. Note that in .NET, SecureBlackbox uses pure managed IL code, which is by definition slower than the optimized native code used in FileZilla, WS_FTP, and some other native clients. Also, some clients started to use hardware support for processor instructions that make AES faster - an advantage not available to managed code.

  • Compression can increase the speed of transfer of uncompressed data, but will slow down transfer if your data is already compressed or encrypted (the encrypted or compressed data can't be compressed further, yet time is wasted on this secondary compression). Compression can be enabled or disabled using the CompressionAlgorithms property. Note that you need to enable or disable the SSH_CA_ZLIB algorithm (and not SSH_CA_NONE).

  • The component's automatic settings adjustment for a particular server may disable pipelining. When the client connects to the server, the server provides its name to the client. The name can be read in the ServerSoftwareName property. Based on the given name, the component attempts to adjust certain properties to bypass bugs and limitations of the particular server software. Some servers don't support pipelining (sending multiple SSH packets without waiting for confirmation for each packet). Some servers support pipelining only in recent versions, and it can happen that the component will disable the pipelining based solely on the server software name, while the server does support it in the version used. To check if pipelining is used, handle the OnBlockTransferPrepared event (added in SecureBlackbox 8.2) and check its parameters (you can also modify the pipeline length).

We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at