On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <r...@lanl.gov> wrote:
> Hello,
>
> I am building a storage system, using HTTP/HTTPS for ingesting data.
>
> I would like to use the authentication over HTTPS, while after that I want
> no encryption on the data because of performance.

Then you probably don't understand the performance impact of TLS. TLS is very expensive to negotiate between endpoints working from elliptic curve or prime math. There's no avoiding this initial hit if you are going to use TLS whatsoever. Once the endpoints have completed the handshake, they exchange keys for a much simpler and more performant cipher such as the AES-256 cipher (for faster performance, you could use AES-128 depending on the application). You will measure very little benefit dropping TLS once the handshake and your auth step is completed.

> I think using null ciphers, like eNULL would work, but how do I change
> the configurations in httpd.conf/ssl.conf?
>
> The NULL cipher keys are in openssl, I just want to use them.

Only if you have 100% faith in the end-to-end topography of your network. That pretty much restricts you to localhost:. Otherwise, any man-in-the-middle can observe the data in transit and alter the data passed between your client and backend storage server, which makes the entire point of authenticating rather silly, don't you think?
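Since the risk described above comes from NULL-encryption suites being enabled outside localhost, here is an added example (not part of the original thread, and not httpd or OpenSSL code) that audits httpd.conf/ssl.conf text for `SSLCipherSuite` lines that leave such suites enabled. The function names and the sample configuration are constructed for illustration; the keyword handling follows the OpenSSL ciphers(1) rules and is a conservative heuristic that does not query OpenSSL itself.

```python
import re

# Keywords that OpenSSL ciphers(1) defines as selecting no-encryption suites.
NULL_KEYWORDS = {"eNULL", "NULL", "COMPLEMENTOFALL"}

def selects_null(token):
    """True if one cipher-string token names NULL-encryption suites."""
    parts = token.split("+")              # "RSA+eNULL" is an AND of its parts
    if any(p in NULL_KEYWORDS for p in parts):
        return True
    # Explicit suite names, e.g. NULL-SHA; aNULL (no authentication) is not matched.
    return len(parts) == 1 and "NULL" in token.split("-")

def null_enabled(cipher_string):
    """Walk the string left to right; True if NULL encryption ends up enabled."""
    enabled = killed = False
    for raw in re.split(r"[:, ]+", cipher_string.strip(" \"'")):
        op = raw[0] if raw[:1] in ("!", "-", "+") else ""
        token = raw[len(op):]
        if not selects_null(token):       # also skips @STRENGTH, @SECLEVEL=n
            continue
        if op in ("!", "-"):
            # Only whole-class removals clear the flag, so the check errs toward reporting.
            if token in NULL_KEYWORDS:
                enabled = False
                killed = killed or op == "!"   # "!" deletions cannot be re-added
        elif op == "" and not killed:
            enabled = True
        # a leading "+" only reorders suites that are already present
    return enabled

def audit(conf_text):
    """Return (line_no, spec) for SSLCipherSuite lines leaving NULL enabled."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLCipherSuite\s+(.+)", line, re.I)
        if m and null_enabled(m.group(1)):
            findings.append((n, m.group(1).strip()))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite eNULL
SSLCipherSuite ALL:!eNULL:NULL-SHA
SSLCipherSuite HIGH:NULL-SHA256:!aNULL
#SSLCipherSuite NULL
"""
```

Calling `audit(SAMPLE)` reports lines 2 and 4; line 3 is clean because `!eNULL` permanently removes the class before `NULL-SHA` is named.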