[openssl-users] explicitly including other ciphers.

Ron Croonenberg ronc at lanl.gov
Mon Dec 7 19:22:19 UTC 2015


Yes I think that probably would be the case.

On EDR, HTTPS vs HTTP, I lose about 15-20GB/s, almost half; that is why I am
trying to do HTTPS for the authentication only.

On 12/03/2015 07:10 PM, Jakob Bohm wrote:
> On 04/12/2015 03:03, Michael Wojcik wrote:
>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>>> Of Ron Croonenberg
>>> Sent: Thursday, December 03, 2015 18:35
>>> To: openssl-users at openssl.org
>>> Subject: Re: [openssl-users] explicitly including other ciphers.
>>>
>>> The network is isolated from the outside world, BUT we still need
>>> authentication because different users are using it.
>>>
>>> So what I preferably want is sort of a set up where,
>>> authentication is done the "standard way" and after that just use the
>>> https connection without the overhead of actually encrypting anything.
>>> (and the less modifications and recompiling the better)
>> So rather than connecting directly to Apache, how about connecting to
>> a TLS proxy like stunnel, which would then connect to Apache over
>> vanilla HTTP. Configure Apache to only bind to loopback addresses
>> (127/8 and/or ::1), so no one can bypass the proxy.
>>
>> That's assuming stunnel doesn't also play silly buggers with the
>> cipher suite list.
>>
> Wouldn't that extra hop via stunnel cost performance
> (noting that Ron is apparently running at faster than
> gigabit speed).
>
> Enjoy
>
> Jakob
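
Added example, not part of the original thread: a check for the loopback-only binding Michael suggests, so that the plain-HTTP backend cannot be reached around the TLS proxy. It parses `ss -ltnH` output; the sample lines, port numbers and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 511 127.0.0.1:80 0.0.0.0:*
LISTEN 0 511 [::1]:80 [::]:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 10.0.0.5:80 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
"""


def parse_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port) if port.isdigit() else None


def is_loopback(host):
    """True only for addresses in 127/8 or ::1; wildcards count as exposed."""
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: fail closed


def exposed_backends(ss_output, backend_ports):
    """Return (host, port) for backend listeners reachable off-loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, port = parse_local(cols[3])
        if port in backend_ports and not is_loopback(host):
            exposed.append((host, port))
    return exposed


if __name__ == "__main__":
    # Port 80 is assumed to be the plain-HTTP backend behind the proxy.
    for host, port in exposed_backends(SAMPLE_SS, {80}):
        print(f"backend port {port} is bound to {host}, bypassing the proxy")
```

On a live host, feed it the real output of `ss -ltnH` instead of the sample; the proxy's own listening port is expected to be non-loopback and should not be passed in `backend_ports`.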

