Hello,
the kEDH set of cipher suites provide so called "perfect forward
secrecy", for a description of this term see e.g.
http://en.wikipedia.org/wiki/Perfect_forward_secrecy.
Ciao,
Richard
Am 26.04.2012 13:23, schrieb Jack Bauer:
We are currently experiencing some scaling problems on our webservers
(nginx). They are terminating SSL connections and passing the requests
to backend servers.
After some testing, it appears that scaling is no problem, when the
kEDH cipher is disabled by passing !kEDH to openssl.
Can someone please explain, what disabling kEDH exactly means and tell
if there are any caveats concerning client/end-point security?
Thanks.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org