23 Apr
2013
23 Apr
'13
8:23 p.m.
On 2013-04-23 04:19, PPingPongBaker PPingPongBaker wrote:
The best compilation of results on this topic that I have seen and agree with are at [1] DHE modular exponentiation really hurts SSL performance; no wonder Google resorted to ECDHE. [1] http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
I'm well aware of this. Stunnel server should only negotiate DH if ECDH is not supported by connecting client. Can you confirm that this is the case for the client you used for your tests?
The reason I asked you to compare your results with various ciphers was to find reasonable defaults for the upcoming stunnel 5.00. 8-)
Mike