-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14.06.2015 16:47, Javier wrote:
depending on your hardware, and what hardware we need now to run stunnel in server mode... [cut] For me isn't 25%CPU it is above 50% (or 100% in one thread) in a humble Pentium 4.
Yes, it may be a good idea to add static DH parameters into stunnel.pem if you run stunnel on ARM, MIPS, or a 10 years old PC platform.
For me, too much. That is why I decided to follow your advice but, anyway, this takes so much to be by default for every system where stunnel runs. Some people might have stunnel running in lower specs hardware for a tiny server.
It is only my opinion. [cut] P.S.: I waited till end before send this to the list and took, finally, over 20 minutes...
I attempt to run this thread with low CPU priority wherever possible. Some CPU utilization should not be a problem in practice. The DH parameters are only generated when at least one of the services runs in server mode. I assume battery-powered machines rarely run as servers... I appreciate your opinions. Do you think I should trade security for 20 minutes idle CPU time every 24 hours? On modern machines it's closer to 2 minutes... Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVfa/4AAoJEC78f/DUFuAUJzQP/AhR93O5TTOmxcEHXpfpnxpC eJJ0000BYk4gmY6DowZWU4ToMIPug58wSOOy4QnD/X0dYhqzKmpcapFLgTorfill ME6A48+VXs13Wwh3P3iH+WcmKQI8nIwb/7tQ4dm8TNcCEjF59EdV+PZVLZI21jWM H5XCC8mhwMD8DMCypVtH4fSOlgQmfF5V1avf5TOiscFGmL66ZUs4WpmZsrN2b+76 EDH2t9a5b40gl+EKSI5V2KZUkU/YkZKOTB0TMNw8UyS+tGwaTqeQhqUzrJ1POfLm Gk08GIVPK8bi0ogaCZQFI7mo8Ra/c/A3r7LD8hkm2ODlEKN3PL43w9ke96GOvuTi vPeYAOSp48YHTJppFVAPx/44IRfVpyUWr4GK4+27I5Zx1rs350TkRejJgtsvRxy3 Dzahp9BpFlRG2RKIceNOiadpIm4jn3X8I4bWsUplhPw4eo79YNGRUgwqAEfUoL95 MTloEg2wi5sxDQLsRDXSLZRWmRA4ysT/cwfzn2YNGYWf2lSfH+aE82e0U0k7f3bn Xw+h/6bmDL+kjkf2tpQlAAyiUPN1fb2FVNzgSca26DeTbm8wV8VotI3CXNGWlcmt 4WUV8FfcmuQDSZLwzvKXDsbda2V5PUchlaIM7XxMf1xBcszifpJTJotvnCDHKnc5 cBp+NYYH4x6ehAhL6OfM =ISLr -----END PGP SIGNATURE-----