Re: Disabling kEDH on webservers for scaling?

2012-04-27 Thread Dirk Menstermann
Hello Steve, On 26.04.2012 15:50, Dr. Stephen Henson wrote: What DH parameters are you using? You can get better performance by tweaking the parameters. Can you explain how to tweak the parameters and whether this reduces security? Thanks Dirk

Re: Disabling kEDH on webservers for scaling?

2012-04-27 Thread Dr. Stephen Henson
On Fri, Apr 27, 2012, Dirk Menstermann wrote: Hello Steve, On 26.04.2012 15:50, Dr. Stephen Henson wrote: What DH parameters are you using? You can get better performance by tweaking the parameters. Can you explain how to tweak the parameters and whether this reduces security? By

Re: Disabling kEDH on webservers for scaling?

2012-04-27 Thread Jack Bauer
Thanks for all answers. This is what I understood and found out: If we want to use perfect forward secrecy, we have to compute DH parameters. When enabling kEDH, most of our clients will use DHE_RSA, which seems to be rather slow on our front-end. Disabling kEDH switches most clients to not use

Re: Disabling kEDH on webservers for scaling?

2012-04-27 Thread Dr. Stephen Henson
On Fri, Apr 27, 2012, Jack Bauer wrote: Currently I don't know if the type of DH parameters can be configured in nginx. But I will investigate .. If there is a file which contains DH parameters then this should work. Check to see the DH parameters file isn't something silly like 4096

Re: Disabling kEDH on webservers for scaling?

2012-04-27 Thread Bodo Moeller
On Fri, Apr 27, 2012 at 2:29 PM, Jack Bauer mlsubscri...@gmail.com wrote: Currently I don't know if the type of DH parameters can be configured in nginx. But I will investigate .. The only solution (for us, at the moment) seems to be to keep kEDH enabled and hope that most browsers will

Disabling kEDH on webservers for scaling?

2012-04-26 Thread Jack Bauer
We are currently experiencing some scaling problems on our webservers (nginx). They are terminating SSL connections and passing the requests to backend servers. After some testing, it appears that scaling is no problem when the kEDH cipher is disabled by passing !kEDH to openssl. Can someone

Re: Disabling kEDH on webservers for scaling?

2012-04-26 Thread Richard Könning
Hello, the kEDH set of cipher suites provides so-called perfect forward secrecy; for a description of this term see e.g. http://en.wikipedia.org/wiki/Perfect_forward_secrecy. Ciao, Richard On 26.04.2012 13:23, Jack Bauer wrote: We are currently experiencing some scaling problems on our

Re: Disabling kEDH on webservers for scaling?

2012-04-26 Thread Jakob Bohm
Supplemental note: The kEDH suites do a few extra cryptographic operations and a few extra back-and-forth cryptographic operations for each connection. This is not usually a performance problem (except that very short connections will feel the increased traffic/load more in percentage terms). However 3

Re: Disabling kEDH on webservers for scaling?

2012-04-26 Thread Dr. Stephen Henson
On Thu, Apr 26, 2012, Jack Bauer wrote: We are currently experiencing some scaling problems on our webservers (nginx). They are terminating SSL connections and passing the requests to backend servers. After some testing, it appears that scaling is no problem, when the kEDH cipher is