diff -ur a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff
--- a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-09-28 13:15:17.780747192 -0700
+++ b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-09-28 13:34:03.576552219 -0700
@@ -409,18 +409,10 @@
 index e7abb341..c23276d4 100644
 --- a/packet.c
 +++ b/packet.c
-@@ -961,6 +961,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+@@ -961,6 +961,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
  	return 0;
  }
  
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+	rekey_requested = 1;
-+}
-+
 +/* used to determine if pre or post auth when rekeying for aes-ctr
 + * and none cipher switch */
 +int
@@ -434,20 +426,6 @@
  #define MAX_PACKETS	(1U<<31)
  static int
  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -987,6 +1005,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
- 		return 0;
- 
-+	/* used to force rekeying when called for by the none
-+         * cipher switch methods -cjr */
-+        if (rekey_requested == 1) {
-+                rekey_requested = 0;
-+                return 1;
-+        }
-+
- 	/* Time-based rekeying */
- 	if (state->rekey_interval != 0 &&
- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
 diff --git a/packet.h b/packet.h
 index c2544bd9..ebd85c88 100644
 --- a/packet.h
@@ -481,9 +459,9 @@
  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
 +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
 +	oNoneEnabled, oNoneSwitch,
+ 	oDisableMTAES,
  	oVisualHostKey,
  	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
- 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 @@ -294,6 +297,8 @@ static struct {
  	{ "kexalgorithms", oKexAlgorithms },
  	{ "ipqos", oIPQoS },
@@ -615,9 +593,9 @@
  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
  	SyslogFacility log_facility;	/* Facility for system logging. */
 @@ -114,7 +118,10 @@ typedef struct {
- 
  	int	enable_ssh_keysign;
  	int64_t rekey_limit;
+ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
 +	int     none_switch;    /* Use none cipher */
 +	int     none_enabled;   /* Allow none to be used */
  	int	rekey_interval;
@@ -700,9 +678,9 @@
 +			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
 +	}
 +
+ 	if (options->disable_multithreaded == -1)
+ 		options->disable_multithreaded = 0;
  	if (options->ip_qos_interactive == -1)
- 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
- 	if (options->ip_qos_bulk == -1)
 @@ -519,6 +565,8 @@ typedef enum {
  	sPasswordAuthentication, sKbdInteractiveAuthentication,
  	sListenAddress, sAddressFamily,
@@ -1081,11 +1059,11 @@
  	xxx_host = host;
  	xxx_hostaddr = hostaddr;
  
-@@ -435,6 +446,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+@@ -435,7 +446,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+ 		}
+ 	}
+ #endif
  
- 	if (!authctxt.success)
- 		fatal("Authentication failed.");
-+
 +	/*
 +	 * If the user wants to use the none cipher, do it post authentication
 +	 * and only if the right conditions are met -- both of the NONE commands