[openssl-users] explicitly including other ciphers.

Michael Wojcik Michael.Wojcik at microfocus.com
Mon Dec 7 19:33:45 UTC 2015


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Ron Croonenberg
> Sent: Monday, December 07, 2015 14:24
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] explicitly including other ciphers.
> 
> if the proxy is another host, I'd probably loose too much bandwidth

As I described it, it wouldn't be on another host. From my previous message: "Configure Apache to only bind to loopback addresses (127/8 and/or ::1), so no one can bypass the proxy." If the proxy is connecting to Apache over the loopback interface, by definition it's running on the same system.

There might still be an unacceptable performance hit, of course. It wouldn't be due to an additional physical network leg (because there wouldn't be any), but you'd have some processing overhead, an extra set of copies for every packet, and some time spent in the proxy connecting to Apache - though depending on the requirements of the application and the capabilities of the proxy, that might be amortized over long-running connections.

Conversely, if your application can benefit from caching, you might gain some performance in actually serving content. It's impossible to guess without knowing more about the application and its behavior.

(And you mean "lose", not "loose".)

-- 
Michael Wojcik
Technology Specialist, Micro Focus
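
The following is an added example, not part of the original message: a check that a backend such as Apache really is bound only to loopback (127/8 or ::1), so clients cannot bypass the proxy. It assumes the listener list comes from `ss -H -tlnp` on Linux and that the backend's process name is `apache2`; the sample lines are constructed.

```python
import ipaddress

# Constructed sample of `ss -H -tlnp` output (not from the original thread).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("apache2",pid=812,fd=4))
LISTEN 0 511 [::1]:8080 [::]:* users:(("apache2",pid=812,fd=5))
LISTEN 0 511 0.0.0.0:8081 0.0.0.0:* users:(("apache2",pid=812,fd=6))
LISTEN 0 128 *:443 *:* users:(("proxy",pid=640,fd=7))
LISTEN 0 128 192.0.2.10:8082 0.0.0.0:* users:(("apache2",pid=812,fd=8))
"""


def split_local(addr_port):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = addr_port.rpartition(":")
    host = host.strip("[]")
    # ss may append an interface or zone (e.g. 127.0.0.53%lo); drop it.
    return host.split("%", 1)[0], port


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcards are not loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as exposed


def exposed_listeners(ss_output, process_name):
    """Return (host, port) for each listener of process_name not on loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        if f'"{process_name}"' not in fields[5]:
            continue
        host, port = split_local(fields[3])
        if not is_loopback(host):
            exposed.append((host, port))
    return exposed


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT, "apache2"):
        print(f"apache2 reachable without the proxy on {host}:{port}")
```

An empty result for the backend's process name means every one of its listening sockets is on a loopback address; wildcard binds (`0.0.0.0`, `[::]`, `*`) are reported as exposed.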



