On 2015-12-01 02:03, Willy Tarreau wrote:
On Mon, Nov 30, 2015 at 04:20:15PM -0800, Bryan Talbot wrote:
If your clients are all "modern" browsers and mobile devices, you're probably good. If there are old clients, or other systems calling an API, there can be issues, especially if they are using Java <= 7.

I recently stumbled on a site (which I forgot) which reported that about 75% of their visitors support ECDSA. So in short, if we can divide the CPU usage by 20 for 75% of the visitors, that's roughly a 3.5x performance improvement to be expected, that would be nice!

For what it's worth, the next version of Mozilla's modern guidelines will most likely prefer ECDSA certificates and only have ECDHE ciphers in the ciphersuite. More testing is needed, but it seems that client support is mature enough.
https://github.com/mozilla/server-side-tls/pull/97
- Julien