[openssl-users] OpenSSL performance issue
Dave Thompson
dthompson at prinpay.com
Fri Dec 19 10:50:25 UTC 2014
> From: openssl-users On Behalf Of Michael Wojcik
> Sent: Thursday, December 18, 2014 21:27
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf
> > Of Kurt Roeckx
> > Sent: Thursday, December 18, 2014 16:36
> > To: openssl-users at openssl.org
> > Subject: Re: [openssl-users] OpenSSL performance issue
> >
> > So the differnce here is that jave picks a DHE ciphersuite while
otherwise
> you
> > didn't. DHE gives you forward secrecy but is slower.
>
> And if DH parameters have not been set, OpenSSL will have to generate
> them on the fly, which can be *very* slow (relative to normal conversation
> establishment).
>
I think this is new in trunk; in all released versions of OpenSSL server
it won't use DHE/A and or ECDHE/A if parameters have not been set.
And the case here is OpenSSL client to Java proxy acting as server.
JSSE server uses hardcoded parameters, from some standard --
I vaguely recall it being Oakley but don't remember details.
More information about the openssl-users
mailing list