-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 14.06.2015 16:47, Javier wrote:
depending on your hardware, and what hardware we need now to run stunnel in server mode...
[cut]
For me isn't 25%CPU it is above 50% (or 100% in one thread) in a humble Pentium 4.
Yes, it may be a good idea to add static DH parameters into stunnel.pem if you run stunnel on ARM, MIPS, or a 10 years old PC platform.
For me, too much. That is why I decided to follow your advice but, anyway, this takes so much to be by default for every system where stunnel runs. Some people might have stunnel running in lower specs hardware for a tiny server.
It is only my opinion.
[cut]
P.S.: I waited till end before send this to the list and took, finally, over 20 minutes...
I attempt to run this thread with low CPU priority wherever possible. Some CPU utilization should not be a problem in practice.
The DH parameters are only generated when at least one of the services runs in server mode. I assume battery-powered machines rarely run as servers...
I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes...
Mike