On Mon, Aug 26, 2013 at 05:16:43PM -0700, Robert Relyea wrote:
> 2) It does have a significant downside speed wise. I was responsible
> for measuring this once from the server perspective (we were trying to
> convince people to use ECC. I could only get wins over RSA at the 2048
> bit range with ECDH (224bit) not ECDHE... and that was ECDHE where we
> used a single private key generated at server startup). Note that we are
> using 256 bit ECC at the low end.
>
> Those figures are old, so it would be good to try to get new ones from
> the client perspective (not how many connections a server can use). I'm
> not as worried about the order for servers as servers can manage their
> performance by only supporting the fast algorithms.

See
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

I think this is the most relevant one. Most of the others compare it
to 1024 RSA keys. Only about 4% is still using 1024 keys now, while
the rest is using 2048 or more.

Kurt

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto