Thanks for all answers.
This is what i understood and found out:
If we want to use perfect forward secrecy, we have to compute DH
parameters. When enabling kEDH, most of our clients will use DHE_RSA
which seems to be rather slow on our front-end. Disabling kEDH
switches most clients to not use
We are currently experiencing some scaling problems on our webservers
(nginx). They are terminating SSL connections and passing the requests
to backend servers.
After some testing, it appears that scaling is no problem, when the
kEDH cipher is disabled by passing !kEDH to openssl.
Can someone
We are currently experiencing some scaling problems on our webservers
(nginx). They are terminating SSL connections and passing the requests
to backend servers.
After some testing, it appears that scaling is no problem, when the
kEDH cipher is disabled by passing !kEDH to openssl.
Can someone