19 Apr
2013
19 Apr
'13
2:28 p.m.
2013/4/18 PPingPongBaker PPingPongBaker ppingpongbaker@gmail.com:
It appears including static DH params in the certificate brings the performance back up in 4.40 and onward.
If you need the best performance, then disabling DH key exchange might be a good idea as it is quite time consuming. If you still need forward secrecy then ECDH should be a lot better, especially with OpenSSL 1.0.1. In all cases, it might be worth looking at Google SSL configuration, it is configured for quite a lot of traffic:) https://www.ssllabs.com/ssltest/analyze.html?d=google.com
-- Janusz Dziemidowicz