On 19/04/13 07:02, PPingPongBaker PPingPongBaker wrote:
> It appears including static DH params in the certificate brings the performance back up in 4.40 and onward.
Does this mean stunnel dynamically generates DH keys if the "openssl dhparam 2048" trick mentioned in the man page isn't done - and that causes an initial pause that impacts the overall throughput? Would that be once at startup, or per connection? I have seen some SSL apps where there is (say) an hourly/daily cronjob that generates new DH keys into a file, and the app uses that instead of doing it dynamically - very similar to the append operation mentioned in the man page.
Actually, given how CPU intensive generating a 2048-bit DH key is, what is the *real* downside of having a static DH key? Sounds to me there is effectively no downside and some upside for doing that by default? Maybe at least the package maintainers of stunnel (e.g. for Red Hat/Debian) should do that as part of their installation process? I'm sure we're all for better performance if there's no real security downside.
Jason
PS: DH is two-way - so what is the client doing? e.g. if this was a web browser going to mod_ssl on apache, does the client sit there thinking hard - generating its DH key? Surely both ends would need to move to a "static" key model to get the performance improvement?
PPS: crypto isn't my strongest area, so forgive my naive questions ;-)
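As an added illustration for readers of this thread (it is not code from the stunnel project, the stunnel man page, or either poster), the following Python script separates the two costs the questions above run together: generating the DH *group parameters* (a safe prime p and a generator g, which is what `openssl dhparam 2048` produces and what the man page's append-to-certificate trick stores once), and the per-connection *ephemeral key agreement*, in which each side picks a fresh private exponent and does a couple of modular exponentiations. The parameter search is the slow step and can be done once offline; the per-connection work is cheap, is done by both peers, and keeps using fresh secrets even when the parameters are fixed. The bit size (64) is a constructed demo value chosen so the search finishes in well under a second; the function names (`generate_params`, `ephemeral_keypair`, `validate_public_value`, `handshake`) are this example's own.

```python
"""Finite-field DH: one-time parameter generation vs per-connection key agreement.

Demo-sized numbers only (64-bit safe prime); real deployments use 2048-bit or
larger groups, where the parameter search is what takes minutes of CPU.
"""
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test with trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def generate_params(bits):
    """The expensive, do-it-once step: find a safe prime p = 2q + 1 of `bits` bits.

    This is the work `openssl dhparam` does. The result (p, g) is public and can
    be written to a file and reused for every connection.
    """
    while True:
        # q has exactly bits-1 bits and is odd, so p = 2q + 1 has exactly `bits` bits.
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if not is_probable_prime(q):
            continue
        p = 2 * q + 1
        if is_probable_prime(p):
            return p, 2


def ephemeral_keypair(p, g):
    """The cheap, per-connection step: fresh private exponent x and public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1  # private: never reused across connections
    return x, pow(g, x, p)


def validate_public_value(p, y):
    """Reject degenerate peer values (0, 1, p-1) that would force a trivial shared secret."""
    return 1 < y < p - 1


def shared_secret(p, peer_public, own_private):
    """Both sides compute the same value: (g^x_peer)^x_own mod p."""
    if not validate_public_value(p, peer_public):
        raise ValueError("invalid DH public value from peer")
    return pow(peer_public, own_private, p)


def handshake(p, g):
    """Simulate one connection: both client and server do ephemeral key agreement
    over the same fixed parameters and must arrive at the same secret."""
    client_priv, client_pub = ephemeral_keypair(p, g)
    server_priv, server_pub = ephemeral_keypair(p, g)
    client_side = shared_secret(p, server_pub, client_priv)
    server_side = shared_secret(p, client_pub, server_priv)
    if client_side != server_side:
        raise RuntimeError("key agreement failed")
    return client_side


if __name__ == "__main__":
    import time

    t0 = time.perf_counter()
    p, g = generate_params(64)            # once, offline
    t1 = time.perf_counter()
    secrets_seen = {handshake(p, g) for _ in range(100)}  # many connections, same params
    t2 = time.perf_counter()
    print(f"params: {t1 - t0:.3f}s once; 100 handshakes: {t2 - t1:.4f}s total")
    print(f"distinct shared secrets across 100 connections: {len(secrets_seen)}")
```

Running it shows the asymmetry directly: the parameter search dominates even at this toy size, while a hundred handshakes over the reused parameters cost a few milliseconds and still yield a different shared secret each time. The `validate_public_value` check is the minimum a peer should apply to a received DH public value regardless of whether the parameters are static.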