diff -ur --exclude '.*.un*' a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff
--- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-04-18 15:07:06.748067368 -0700
+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-04-18 19:42:26.689298696 -0700
@@ -998,7 +998,7 @@
 + * so we repoint the define to the multithreaded evp. To start the threads we
 + * then force a rekey
 + */
-+ const void *cc = ssh_packet_get_send_context(active_state);
++ const void *cc = ssh_packet_get_send_context(ssh);
 +
 + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */
 + if (strstr(cipher_ctx_name(cc), "ctr")) {
@@ -1028,7 +1028,7 @@
 + * so we repoint the define to the multithreaded evp. To start the threads we
 + * then force a rekey
 + */
-+ const void *cc = ssh_packet_get_send_context(active_state);
++ const void *cc = ssh_packet_get_send_context(ssh);
 +
 + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */
 + if (strstr(cipher_ctx_name(cc), "ctr")) {
diff -ur --exclude '.*.un*' a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff
--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 15:07:11.289035776 -0700
+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700
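Review bot: Both call sites touched here (the hunks at -998 and -1028) still gate the switch to the multithreaded cipher on `strstr(cipher_ctx_name(cc), "ctr")`, a substring match that accepts any cipher whose name merely contains "ctr", and the first comment still admits the GCM breakage is unexplained. Neither hunk checks `cc` or the string returned by `cipher_ctx_name()` before handing it to `strstr()`; if either can be NULL at this point, a guard such as `if (cc != NULL && ...)` is needed. I would replace "Don't know why though" with a comment that states the invariant being relied on, along the lines of `/* only CTR contexts may be repointed to the threaded EVP; AEAD modes such as GCM must keep their own implementation */`, once that has been confirmed. The enclosing functions start and end outside both hunks, so whether `ssh` is initialised at each site cannot be checked from here.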
@@ -162,24 +162,24 @@ } +static int -+channel_tcpwinsz(void) ++channel_tcpwinsz(struct ssh *ssh) +{ + u_int32_t tcpwinsz = 0; + socklen_t optsz = sizeof(tcpwinsz); + int ret = -1; + + /* if we aren't on a socket return 128KB */ -+ if (!packet_connection_is_on_socket()) ++ if (!ssh_packet_connection_is_on_socket(ssh)) + return 128 * 1024; + -+ ret = getsockopt(packet_get_connection_in(), ++ ret = getsockopt(ssh_packet_get_connection_in(ssh), + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */ + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX) + tcpwinsz = SSHBUF_SIZE_MAX; + + debug2("tcpwinsz: tcp connection %d, Receive window: %d", -+ packet_get_connection_in(), tcpwinsz); ++ ssh_packet_get_connection_in(ssh), tcpwinsz); + return tcpwinsz; +} + @@ -191,7 +191,7 @@ c->local_window < c->local_window_max/2) && c->local_consumed > 0) { + u_int addition = 0; -+ u_int32_t tcpwinsz = channel_tcpwinsz(); ++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh); + /* adjust max window size if we are in a dynamic environment */ + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) { + /* grow the window somewhat aggressively to maintain pressure */ @@ -409,18 +409,10 @@ index dcf35e6..da4ced0 100644 --- a/packet.c +++ b/packet.c -@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) +@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) return 0; } -+/* this supports the forced rekeying required for the NONE cipher */ -+int rekey_requested = 0; -+void -+packet_request_rekeying(void) -+{ -+ rekey_requested = 1; -+} -+ +/* used to determine if pre or post auth when rekeying for aes-ctr + * and none cipher switch */ +int 
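Review bot: `channel_tcpwinsz()` does not handle a failed `getsockopt()`: when `ret` is non-zero the function still logs `tcpwinsz` (0) as the receive window in the `debug2` line and returns it as if it were a measured value. An explicit failure path, `if (ret != 0) { debug2("tcpwinsz: getsockopt SO_RCVBUF failed: %s", strerror(errno)); return 0; }`, keeps the result the same while making the condition visible in logs. The value is a `u_int32_t` but is printed with `%d` and returned as `int`; `%u` matches the type, and a one-line comment that the clamp to SSHBUF_SIZE_MAX keeps the result within `int` range would document why the narrowing return is safe.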
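Review bot: The definition of `packet_request_rekeying()` and the `rekey_requested` flag are dropped from the packet.c section in the hunk at -409, and the hunk at -434 drops the matching test in `ssh_packet_need_rekeying()`, yet the ssh_userauth2 hunk at -1108 still carries `packet_request_rekeying();` immediately after the proposal is set to "none". Unless another patch in the series supplies that function, the result either fails to build or no longer forces the rekey. In the second case the "none" proposal would stay in `ssh->kex->my` until the next time- or volume-based rekey, so encryption would be dropped at an unpredictable later point rather than when `WARNING: ENABLED NONE CIPHER` is printed. Either keep the forced-rekey path, ported to per-`struct ssh` state instead of a global, or remove the NONE switch call site in the same change, and state which in the commit message.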
@@ -434,20 +426,6 @@ #define MAX_PACKETS (1U<<31) static int ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) - if (state->p_send.packets == 0 && state->p_read.packets == 0) - return 0; - -+ /* used to force rekeying when called for by the none -+ * cipher switch methods -cjr */ -+ if (rekey_requested == 1) { -+ rekey_requested = 0; -+ return 1; -+ } -+ - /* Time-based rekeying */ - if (state->rekey_interval != 0 && - (int64_t)state->rekey_time + state->rekey_interval <= monotime()) diff --git a/packet.h b/packet.h index 170203c..f4d9df2 100644 --- a/packet.h @@ -476,9 +454,9 @@ /* Format of the configuration file: @@ -166,6 +167,8 @@ typedef enum { - oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oRemoteCommand, + oDisableMTAES, + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + oNoneEnabled, oNoneSwitch, oVisualHostKey, @@ -615,9 +593,9 @@ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ SyslogFacility log_facility; /* Facility for system logging. */ @@ -111,7 +115,10 @@ typedef struct { - int enable_ssh_keysign; int64_t rekey_limit; + int disable_multithreaded; /*disable multithreaded aes-ctr*/ + int none_switch; /* Use none cipher */ + int none_enabled; /* Allow none to be used */ int rekey_interval; @@ -673,9 +651,9 @@ /* Portable-specific options */ if (options->use_pam == -1) @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) - } - if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; + if (options->disable_multithreaded == -1) + options->disable_multithreaded = 0; + if (options->none_enabled == -1) + options->none_enabled = 0; + if (options->hpn_disabled == -1) 
@@ -1092,7 +1070,7 @@ xxx_host = host; xxx_hostaddr = hostaddr; -@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, +@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (!authctxt.success) fatal("Authentication failed."); @@ -1108,7 +1086,7 @@ + memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; -+ kex_prop2buf(active_state->kex->my, myproposal); ++ kex_prop2buf(ssh->kex->my, myproposal); + packet_request_rekeying(); + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); + } else { @@ -1117,23 +1095,13 @@ + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); + } + } -+ - debug("Authentication succeeded (%s).", authctxt.method->name); - } + #ifdef WITH_OPENSSL + if (options.disable_multithreaded == 0) { diff --git a/sshd.c b/sshd.c index a738c3a..b32dbe0 100644 --- a/sshd.c +++ b/sshd.c -@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) - char remote_version[256]; /* Must be at least as big as buf. */ - - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", -- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, -+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum); - @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) int ret, listen_sock; struct addrinfo *ai; @@ -1217,11 +1185,10 @@ index f1bbf00..21a70c2 100644 --- a/version.h +++ b/version.h -@@ -3,4 +3,6 @@ +@@ -3,4 +3,5 @@ #define SSH_VERSION "OpenSSH_7.8" #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE -+#define SSH_HPN "-hpn14v16" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +
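Review bot: The return value of `kex_prop2buf(ssh->kex->my, myproposal)` is discarded in the NONE-switch branch (hunk at -1108), so a failure to serialise the replacement proposal goes unnoticed while the rekey request and the `WARNING: ENABLED NONE CIPHER` message proceed as if it had succeeded. Check it and stop on error, for example `if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) fatal("kex_prop2buf: %s", ssh_err(r));`, assuming an `int r` is available in ssh_userauth2. The branch starts and ends outside this hunk, so the conditions guarding it and the declaration of `ssh` are not visible here.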
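Review bot: After the hunk at -1217 the version.h section no longer defines `SSH_HPN`, but the retained line `#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN` still expands it. If nothing else in the build defines `SSH_HPN`, every use of `SSH_RELEASE` will fail to compile; if it is defined by another patch or by the packaging, a short comment next to the `SSH_RELEASE` line naming that source would make the dependency explicit. The same applies to the ordering of the patch series, which cannot be judged from this hunk.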