On Thu, Apr 26, 2012, Jack Bauer wrote: > We are currently experiencing some scaling problems on our webservers > (nginx). They are terminating SSL connections and passing the requests > to backend servers. > > After some testing, it appears that scaling is no problem, when the > kEDH cipher is disabled by passing !kEDH to openssl. > > Can someone please explain, what disabling kEDH exactly means and tell > if there are any caveats concerning client/end-point security? >
What DH parameters are you using? You can get better performance by tweaking the parameters. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org