[openssl-users] OpenSSL performance issue

Prabhat Puroshottam prabhat.puroshottam at outlook.com
Thu Dec 18 22:57:01 UTC 2014



----------------------------------------
> Date: Thu, 18 Dec 2014 22:36:08 +0100
> From: kurt at roeckx.be
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] OpenSSL performance issue
>
> On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote:
>> ***************************************
>> This is for *Client -> Agent*
>> ***************************************
> [...]
>>         Version 3.1
> [...]
>>         cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
> [...]
>> ***************************************
>> This is for *Client -> Proxy Server*
>> ***************************************
>>         cipherSuite         TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>
> So the differnce here is that jave picks a DHE ciphersuite while
> otherwise you didn't. DHE gives you forward secrecy but is
> slower.

Being relatively new to OpenSSL and security programming in general, 
obviously I need to read into these, but could it cause the delay in 
sending ServerHello by Java Server. From your above statement I can make
out that it might make overall communication slower, but I believe
application data transfer is not the concern (at least not now), but only
inordinate delay while performing SSL handshake.


> You're also not using session resumption which might speed up the
> whole process. It at least looks like that proxy server might
> support that.

Thanks, that was the next step I was going to work on. Would you be so
kind as to point out to me how you figured out that proxy server might
support session resumption? Sorry if this is a very naive question.


 		 	   		  


More information about the openssl-users mailing list