--- sshconnect2.c.orig	2013-10-11 08:52:17.836129741 -0500
+++ sshconnect2.c	2013-10-11 08:53:05.776132295 -0500
@@ -451,6 +451,7 @@ ssh_userauth2(const char *local_user, co
                 }
         }
 
+#ifdef AES_THREADED
         /* if we are using aes-ctr there can be issues in either a fork or sandbox
          * so the initial aes-ctr is defined to point to the original single process
          * evp. After authentication we'll be past the fork and the sandboxed privsep
@@ -466,6 +467,7 @@ ssh_userauth2(const char *local_user, co
                 cipher_reset_multithreaded();
                 packet_request_rekeying();
         }
+#endif
 
 	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
--- sshd.c.orig	2013-10-11 08:52:17.848126748 -0500
+++ sshd.c	2013-10-11 08:53:25.929132033 -0500
@@ -2186,6 +2186,7 @@ main(int ac, char **av)
 
 	/* Start session. */
 
+#ifdef AES_THREADED
 	/* if we are using aes-ctr there can be issues in either a fork or sandbox
          * so the initial aes-ctr is defined to point ot the original single process
 	 * evp. After authentication we'll be past the fork and the sandboxed privsep
@@ -2201,6 +2202,7 @@ main(int ac, char **av)
 		cipher_reset_multithreaded();
 		packet_request_rekeying();
 	}
+#endif
 
 	do_authenticated(authctxt);
 
--- readconf.c.orig	2013-10-11 09:24:10.812126846 -0500
+++ readconf.c	2013-10-11 09:19:12.295135966 -0500
@@ -268,12 +268,16 @@ static struct {
 	{ "canonicalizehostname", oCanonicalizeHostname },
 	{ "canonicalizemaxdots", oCanonicalizeMaxDots },
 	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+#ifdef NONECIPHER
 	{ "noneenabled", oNoneEnabled },
 	{ "noneswitch", oNoneSwitch },
+#endif
+#ifdef HPN
 	{ "tcprcvbufpoll", oTcpRcvBufPoll },
 	{ "tcprcvbuf", oTcpRcvBuf },
 	{ "hpndisabled", oHPNDisabled },
 	{ "hpnbuffersize", oHPNBufferSize },
+#endif
 	{ "ignoreunknown", oIgnoreUnknown },
 
 	{ NULL, oBadOption }
@@ -1739,12 +1743,20 @@ fill_default_options(Options * options)
 		options->server_alive_interval = 0;
 	if (options->server_alive_count_max == -1)
 		options->server_alive_count_max = 3;
+#ifdef NONECIPHER
 	if (options->none_switch == -1)
+#endif
 		options->none_switch = 0;
+#ifdef NONECIPHER
 	if (options->none_enabled == -1)
+#endif
 		options->none_enabled = 0;
+#ifdef HPN
 	if (options->hpn_disabled == -1)
 	        options->hpn_disabled = 0;
+#else
+	options->hpn_disabled = 1;
+#endif
 	if (options->hpn_buffer_size > -1)
 	{
 	  /* if a user tries to set the size to 0 set it to 1KB */
--- servconf.c.orig	2013-10-11 09:24:44.734138483 -0500
+++ servconf.c	2013-10-11 09:25:50.777137928 -0500
@@ -303,10 +303,16 @@
 	}
 	if (options->permit_tun == -1)
 		options->permit_tun = SSH_TUNMODE_NO;
+#ifdef NONECIPHER
 	if (options->none_enabled == -1) 
+#endif
 		options->none_enabled = 0;
+#ifdef HPN
 	if (options->hpn_disabled == -1) 
 		options->hpn_disabled = 0;
+#else
+	options->hpn_disabled = 1;
+#endif
 
 	if (options->hpn_buffer_size == -1) {
 		/* option not explicitly set. Now we have to figure out */
--- configure.ac.orig	2013-10-12 17:17:41.525139481 -0500
+++ configure.ac	2013-10-12 17:18:35.610130039 -0500
@@ -3968,6 +3968,34 @@
     ]
 ) # maildir
 
+#check whether user wants HPN support
+HPN_MSG="no"
+AC_ARG_WITH(hpn,
+	[  --with-hpn             Enable HPN support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(HPN,1,[Define if you want HPN support.])
+		HPN_MSG="yes"
+	fi ]
+)
+#check whether user wants NONECIPHER support
+NONECIPHER_MSG="no"
+AC_ARG_WITH(nonecipher,
+	[  --with-nonecipher             Enable NONECIPHER support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(NONECIPHER,1,[Define if you want NONECIPHER support.])
+		NONECIPHER_MSG="yes"
+	fi ]
+)
+#check whether user wants AES_THREADED support
+AES_THREADED_MSG="no"
+AC_ARG_WITH(aes-threaded,
+	[  --with-aes-threaded             Enable AES_THREADED support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(AES_THREADED,1,[Define if you want AES_THREADED support.])
+		AES_THREADED_MSG="yes"
+	fi ]
+)
+
 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
 	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
 	disable_ptmx_check=yes
@@ -4636,6 +4664,9 @@
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
 echo "              Random number source: $RAND_MSG"
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
+echo "                       HPN support: $HPN_MSG"
+echo "                NONECIPHER support: $NONECIPHER_MSG"
+echo "              AES_THREADED support: $AES_THREADED_MSG"
 
 echo ""
 
