Hi
My 2 cents re high CPU and large key sizes. I loaded a package on my
HAProxy servers called haveged and I saw significantly faster response
times. Reason for this is it doubled the entropy on my servers. As a
test I created a 4096 GPG key on a system without haveged and it took
nearly 2 hours to generate. I then installed haveged on the same system
and the time came down to 4 minutes.
HTH
Kobus
On 02/05/2014 15:52, Lukas Tribus wrote:
Hi Remi,
The default value for max-dh-param-size is set to 1024, thus keeping
the current behavior by default. Setting a higher value (for example
2048 with a 2048 bits RSA/DSA server key) allows an easy upgrade
to stronger ephemeral DH keys (and back if needed).
Please note that Sander used 4096bit - which is why he saw huge CPU load.
IMHO we can default max-dh-param-size to 2048bit.
Best thing would be if Sander could test in his environment with a 2048bit
dhparam manually (in the cert file).
Regards,
Lukas