"Joseph R. Junkin" <[EMAIL PROTECTED]> writes:
> I want to run a site with the lowest possible encryption for the highest
> performance. I want it to work with typical browsers (Netscape4 & IE4)
> Right now I am using:
> SSLCipherSuite ALL:!ADH:RC4+RSA:-HIGH:-MEDIUM:+LOW:+SSLv2:+EXP
>
> When I access it using IE5, it tells me that it is connecting at 56 bit.
> I am aware that some older export browsers do 40bit, is there a way to
> force 40 bit for all browsers? 
> 
> Anything I can do for maximum performance while still using some form of
> widely accepted encryption?
Encryption and performance are not mutually opposed in the way
you might think.

In the case of symmetric ciphers, RC4 is by far the fastest
and it's no slower in 128 bit mode than 40 bit mode. Thus,
I'd advise you to use RC4-128.

As far as asymmetric ciphers go, RSA is substantially
faster than DSA/DH. You control your RSA key length so you'll
have to decide how large an RSA key to generate. 512 is
known to be breakable by a dedicated effort using today's
technology. I'd advise 768 bits as the minimum myself.

However, if you're talking to an export browser then you'll
end up with 512 bits of security but it will be as slow
as 768 bits because of ephemeral RSA mode. [0]

-Ekr
 
[0] Yes, I know that 512 bit ephemeral RSA isn't exactly
the same security-wise as 512 bit static, but they're
close to a first order.

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
          PureTLS - free SSLv3/TLS software for Java
                http://www.rtfm.com/puretls/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
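
Added example (not part of the original message or of mod_ssl): a plain RC4 implementation in Python, instrumented to count the work done in each phase, illustrating the reply's point that RC4 costs the same with a 128-bit key as with a 40-bit key. The function names and the sample keys are constructed for this illustration.

```python
# Added example: textbook RC4 with per-phase work counters.

def rc4_ksa(key: bytes):
    """Key-scheduling algorithm. Returns (state, swap_count)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    swaps = 0
    for i in range(256):  # always 256 iterations, whatever len(key) is
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
        swaps += 1
    return s, swaps


def rc4_crypt(key: bytes, data: bytes):
    """Encrypt or decrypt data. Returns (output, ksa_swaps, prga_steps)."""
    s, ksa_swaps = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:  # one state update per byte; the key is no longer used
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out), ksa_swaps, len(data)


def work_profile(key_bits: int, payload: bytes):
    """Work done for a constructed sample key of the given size."""
    key = bytes(range(1, key_bits // 8 + 1))  # constructed key, not a real secret
    _, ksa_swaps, prga_steps = rc4_crypt(key, payload)
    return ksa_swaps, prga_steps


if __name__ == "__main__":
    payload = b"x" * 4096  # constructed sample record
    for bits in (40, 128):
        ksa, prga = work_profile(bits, payload)
        print(f"RC4-{bits}: {ksa} key-schedule swaps, {prga} keystream steps")
```

Both key sizes report the same counts: the key only feeds the fixed 256-step schedule, and the per-byte keystream loop never touches it again.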
