Thanks for all answers. This is what I understood and found out: If we want to use perfect forward secrecy, we have to compute DH parameters. When enabling kEDH, most of our clients will use DHE_RSA, which seems to be rather slow on our front-end. Disabling kEDH switches most clients to not use perfect forward secrecy at all (only RSA). Independent of the kEDH setting, clients using Chrome choose ECDHE_RSA, which can be calculated much faster. Forcing ECDHE_RSA on the server will block clients with older versions of OpenSSL implementations.
In summary (performance on https):

- No PFS at all -> scales well
- DHE_RSA -> very slow, doesn't scale well
- ECDHE_RSA -> slow, but much faster than DHE_RSA; scales with about 35% performance loss (vs. no PFS)

Currently I don't know if the type of DH parameters can be configured in nginx. But I will investigate...

The only solution (for us, at the moment) seems to be to keep kEDH enabled and hope that most browsers will use ECDHE_RSA in the future.

Jack

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
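The three outcomes Jack describes (ECDHE-capable clients land on ECDHE whatever kEDH is set to, clients without ECDHE fall back to DHE with kEDH on and to plain RSA with kEDH off, and an ECDHE-only server locks the old clients out) can be reproduced with a small model of server-preferred cipher selection. The script below is an added example, not code from the thread or from OpenSSL; it classifies suites purely by their OpenSSL-style name prefix, and the server and client cipher lists are constructed for illustration rather than taken from any real deployment.

```python
"""Model how kEDH / ECDHE choices decide whether a client gets forward secrecy.

Added illustration, not code from the thread. Suites are classified by the
key-exchange prefix of their OpenSSL name; anonymous, PSK and SRP suites are
out of scope.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class KexInfo:
    suite: str
    kex: str   # "ECDHE", "DHE", "ECDH" (static) or "RSA" (static key transport)
    pfs: bool  # True only for the ephemeral exchanges


def classify_suite(name: str) -> KexInfo:
    """Map an OpenSSL suite name to its key-exchange class.

    "ECDHE-"/"EECDH-" and "DHE-"/"EDH-" are ephemeral (forward secret);
    "ECDH-" is static ECDH; names that start with the cipher itself
    (AES128-SHA) use static RSA key transport, which is what the thread
    calls "no PFS at all".
    """
    upper = name.upper()
    if upper.startswith(("ECDHE-", "EECDH-")):
        return KexInfo(name, "ECDHE", True)
    if upper.startswith(("DHE-", "EDH-")):
        return KexInfo(name, "DHE", True)
    if upper.startswith("ECDH-"):
        return KexInfo(name, "ECDH", False)
    return KexInfo(name, "RSA", False)


# Server-side preference: cheapest forward-secret exchange first, expensive
# DHE next, non-PFS last. Stable sort keeps the within-class order intact.
_PREFERENCE = {"ECDHE": 0, "DHE": 1, "ECDH": 2, "RSA": 3}


def prefer_ecdhe(suites):
    return sorted(suites, key=lambda s: _PREFERENCE[classify_suite(s).kex])


def disable_kedh(suites):
    """Equivalent of taking kEDH out of the server cipher string."""
    return [s for s in suites if classify_suite(s).kex != "DHE"]


def ecdhe_only(suites):
    """Equivalent of forcing ECDHE_RSA on the server."""
    return [s for s in suites if classify_suite(s).kex == "ECDHE"]


def negotiate(server_order, client_supported):
    """First suite in the server's preference order that the client offers
    (server preference in effect); None means the handshake fails."""
    offered = set(client_supported)
    for suite in server_order:
        if suite in offered:
            return classify_suite(suite)
    return None


def summarize(suites):
    """Count suites per key-exchange class and record whether they give PFS."""
    summary = {}
    for suite in suites:
        info = classify_suite(suite)
        entry = summary.setdefault(info.kex, {"count": 0, "pfs": info.pfs})
        entry["count"] += 1
    return summary


# Constructed sample lists (not from the thread).
SERVER = [
    "AES128-SHA", "DHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
    "AES256-SHA", "DHE-RSA-AES256-SHA", "ECDHE-RSA-AES256-SHA",
]
MODERN_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"]
LEGACY_CLIENT = ["DHE-RSA-AES256-SHA", "AES256-SHA"]  # no ECDHE support at all


if __name__ == "__main__":
    for label, order in (("kEDH on", prefer_ecdhe(SERVER)),
                         ("kEDH off", prefer_ecdhe(disable_kedh(SERVER))),
                         ("ECDHE only", ecdhe_only(SERVER))):
        for cname, client in (("modern", MODERN_CLIENT), ("legacy", LEGACY_CLIENT)):
            print(f"{label:10s} {cname:7s} -> {negotiate(order, client)}")
```

With `prefer_ecdhe` applied, the modern client negotiates ECDHE in every configuration, the legacy client gets DHE while kEDH is on and static RSA once it is off, and the ECDHE-only list leaves the legacy client with no common suite. The same effect in nginx comes from `ssl_prefer_server_ciphers on` together with an ECDHE-first `ssl_ciphers` string; the `ssl_dhparam` directive is where a generated DH parameter file is loaded.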