-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14.06.2015 16:47, Javier wrote: > depending on your hardware, and what hardware we need now to run > stunnel in server mode... [cut] > For me isn't 25%CPU it is above 50% (or 100% in one thread) in a > humble Pentium 4.
Yes, it may be a good idea to add static DH parameters into stunnel.pem if you run stunnel on ARM, MIPS, or a 10 years old PC platform. > For me, too much. That is why I decided to follow your advice but, > anyway, this takes so much to be by default for every system where > stunnel runs. Some people might have stunnel running in lower > specs hardware for a tiny server. > > It is only my opinion. [cut] > P.S.: I waited till end before send this to the list and took, > finally, over 20 minutes... I attempt to run this thread with low CPU priority wherever possible. Some CPU utilization should not be a problem in practice. The DH parameters are only generated when at least one of the services runs in server mode. I assume battery-powered machines rarely run as servers... I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes... Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVfa/4AAoJEC78f/DUFuAUJzQP/AhR93O5TTOmxcEHXpfpnxpC eJJ0000BYk4gmY6DowZWU4ToMIPug58wSOOy4QnD/X0dYhqzKmpcapFLgTorfill ME6A48+VXs13Wwh3P3iH+WcmKQI8nIwb/7tQ4dm8TNcCEjF59EdV+PZVLZI21jWM H5XCC8mhwMD8DMCypVtH4fSOlgQmfF5V1avf5TOiscFGmL66ZUs4WpmZsrN2b+76 EDH2t9a5b40gl+EKSI5V2KZUkU/YkZKOTB0TMNw8UyS+tGwaTqeQhqUzrJ1POfLm Gk08GIVPK8bi0ogaCZQFI7mo8Ra/c/A3r7LD8hkm2ODlEKN3PL43w9ke96GOvuTi vPeYAOSp48YHTJppFVAPx/44IRfVpyUWr4GK4+27I5Zx1rs350TkRejJgtsvRxy3 Dzahp9BpFlRG2RKIceNOiadpIm4jn3X8I4bWsUplhPw4eo79YNGRUgwqAEfUoL95 MTloEg2wi5sxDQLsRDXSLZRWmRA4ysT/cwfzn2YNGYWf2lSfH+aE82e0U0k7f3bn Xw+h/6bmDL+kjkf2tpQlAAyiUPN1fb2FVNzgSca26DeTbm8wV8VotI3CXNGWlcmt 4WUV8FfcmuQDSZLwzvKXDsbda2V5PUchlaIM7XxMf1xBcszifpJTJotvnCDHKnc5 cBp+NYYH4x6ehAhL6OfM =ISLr -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
