Guylhem wrote:
I've read that EDH calculations were a cause of significant slowdown on
http://matt.io/technobabble/hivemind_devops_alert:_nginx_does_not_suck_at_ss...
<reply mode="polite"> Over-reliance on session resumption is as useful as ignoring session resumption altogether. Benchmarking worst case scenarios may look like a good idea, but it is not a reasonable approach to bottleneck identification. </reply>
It is also a good idea to use ECDHE ciphers instead of EDH for improved performance without sacrificing the PFS property. Make sure to install a recent OpenSSL and stunnel.
Also see: http://vincent.bernat.im/en/blog/2011-ssl-benchmark-round2.html
I'm running stunnel on an embedded Linux/MIPS, where I'm trying to lighten the load.
How many new sessions per second does your stunnel negotiate? Maybe EDH is not your bottleneck.
Is it possible to disable EDH? If so, how? I couldn't find any info on that.
The answer is in the article you quoted. The stunnel option is "ciphers": http://www.stunnel.org/static/stunnel.html
Mike
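An stunnel.conf fragment applying the "ciphers" option mentioned in the reply above, added here as an example and not taken from the thread. The service name, ports, certificate path and the exact cipher string are assumptions; the string uses OpenSSL cipher-list syntax.

```ini
; Hypothetical service definition; name, ports and paths are placeholders.
[https]
accept  = 443
connect = 127.0.0.1:8080
cert    = /etc/stunnel/server.pem

; Before: a broad list like this still lets clients negotiate EDH (DHE-*)
; suites, so the server pays for a finite-field DH computation on every
; full handshake.
; ciphers = ALL:!aNULL:!eNULL

; After: prefer ECDHE (keeps forward secrecy at lower CPU cost), allow plain
; RSA key exchange as a fallback, and exclude EDH key exchange outright.
;   EECDH+AES  ephemeral ECDH key exchange with AES
;   kRSA+AES   RSA key exchange with AES; this fallback has NO forward
;              secrecy, drop it if every client supports ECDHE
;   !kEDH      permanently removes ephemeral DH key exchange, so a later
;              entry in the list cannot bring it back
;   !aNULL     no unauthenticated suites
;   !eNULL     no unencrypted suites
ciphers = EECDH+AES:kRSA+AES:!kEDH:!aNULL:!eNULL

; ECDHE needs OpenSSL and stunnel builds recent enough to support it.
; To see what the string expands to with the installed OpenSSL, run:
;   openssl ciphers -v 'EECDH+AES:kRSA+AES:!kEDH:!aNULL:!eNULL'
; No line of the output should show Kx=DH.
```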