❦ 25 April 2014 17:22 CEST, Willy Tarreau <[email protected]>:
> - ssl: Add standardized DH parameters >= 1024 bits
> (I still don't understand what this is about, I'm clearly far from
> being even an SSL novice). I have no idea whether it can be related
> or not, but at least you're using SSL so everything is possible.

Since previously, the DH param was always 1024 bits and usually, key
sizes are 2048, I think that using a 2048-bit DH param adds a
performance impact but I never evaluated it since using a 1024 DHE param
is not unusual (or was not unusual, I am far from being up-to-date on
this). The impact should have been minimal since g is kept to 2 and this
is the important one (DHE is about g^a mod p where g and p are the DH
parameters) but we are nonetheless dealing with far larger integers
and I suppose that the exponentiation has a performance hit when p gets
larger.

The strengths of RSA and DH are equivalent so using the same size
for both is definitely a good practice.
--
Avoid temporary variables.
- The Elements of Programming Style (Kernighan & Plauger)