[openssl-users] explicitly including other ciphers.
Ron Croonenberg
ronc at lanl.gov
Mon Dec 7 19:22:19 UTC 2015
Yes I think that probably would be the case.
on EDR HTTPS vs HTTP I loose about 15-20GB/s, almost half that is why am
trying to do HTTPS for the authentication only
On 12/03/2015 07:10 PM, Jakob Bohm wrote:
> On 04/12/2015 03:03, Michael Wojcik wrote:
>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>>> Of Ron Croonenberg
>>> Sent: Thursday, December 03, 2015 18:35
>>> To: openssl-users at openssl.org
>>> Subject: Re: [openssl-users] explicitly including other ciphers.
>>>
>>> The network is isolated from the outside worl, BUT we still need
>>> authentication because different users are using it.
>>>
>>> So what I preferably want is sort of a set up where,
>>> authentication is done the "standard way" and after that just use the
>>> https connection without the overhead of actually encrypting anything.
>>> (and the lesss modifications and recompiling the better)
>> So rather than connecting directly to Apache, how about connecting to
>> a TLS proxy like stunnel, which would then connect to Apache over
>> vanilla HTTP. Configure Apache to only bind to loopback addresses
>> (127/8 and/or ::1), so no one can bypass the proxy.
>>
>> That's assuming stunnel doesn't also play silly buggers with the
>> cipher suite list.
>>
> Wouldn't that extra hop via stunnel cost performance
> (noting that Ron is apparently running at faster than
> gigabit speed).
>
> Enjoy
>
> Jakob
More information about the openssl-users
mailing list