On 26.04.2014 16:07, Lukas Tribus wrote:
Hi,
I've disabled sslv3 and use certificates with 4096bits keys. I know
4096
bits keys are a bit over the top, but while testing the impact seemed
to
be acceptable so I thought 'What the heck, let's just use it....'
Thats it, with Remi's patch your dhparam was upgraded to 4096bit, we
assumed they have been upgraded to 2048bit only.
DHE with 4096bit keys and dhparam will clearly kill performance.
Drat, so my nice labtest with haproxy and different key sizes was
completely useless :-) It does explain why I didn't understand the
problem with 4096bit keys.
Sander
