Hello
I've read that EDH calculations were ca cause of significant slow up on http://matt.io/technobabble/hivemind_devops_alert:_nginx_does_not_suck_at_ss...
I'm running stunnel on a embedded Linux/MIPS, where I'm trying to light up the load.
Is it possible to disable EDH? If so, how? I couldn't find any info on that.
Thanks Guylhem
Guylhem wrote:
I've read that EDH calculations were ca cause of significant slow up on
http://matt.io/technobabble/hivemind_devops_alert:_nginx_does_not_suck_at_ss...
<reply mode="polite"> Over-reliance on session resumption is as useful as ignoring session resumption altogether. Benchmarking worst case scenarios may look like a good idea, but it is not a reasonable approach to bottleneck identification. </reply>
It is also a good idea to use ECDHE ciphers instead of EDH for improved performance without sacrificing PFS property. Make sure to install recent OpenSSL and stunnel.
Also see: http://vincent.bernat.im/en/blog/2011-ssl-benchmark-round2.html
I'm running stunnel on a embedded Linux/MIPS, where I'm trying to light up the load.
How many new sessions per second does your stunnel negotiate? Maybe EDH is not your bottleneck.
Is it possible to disable EDH? If so, how? I couldn't find any info on that.
The answer is in the article you quoted. Stunnel option is "ciphers": http://www.stunnel.org/static/stunnel.html
Mike
Hello,
On Wed, Mar 21, 2012 at 11:50, Michal Trojnara Michal.Trojnara@mirt.net wrote:
Benchmarking worst case scenarios may look like a good idea, but it is not a reasonable approach to bottleneck identification.
Very true.
At the moment, I'm just preparing a test setup, making sure I have a configuration following best practices as a reference point for the comparison.
Is it possible to disable EDH? If so, how? I couldn't find any info on that.
The answer is in the article you quoted. Stunnel option is "ciphers":
Thanks - however from the manpage it seems to be a positive list only using a different format, while the article use ! for exclusions.
If PFS is to be sacrified, would the following line (based on the article) be ok ? If not, what would be stunnel equivalent? ciphers=ALL:!kEDH:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:RC4 RSA: HIGH;
And if PFS is to be kept: ciphers=ALL:ECDHE:!kEDH:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:RC4 RSA: HIGH;
Guylhem
Guylhem wrote:
Thanks - however from the manpage it seems to be a positive list only using a different format, while the article use ! for exclusions.
This is an OpenSSL functionality. Detailed description is here: http://www.openssl.org/docs/apps/ciphers.html
stunnel default is currently: ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH
Under the version of OpenSSL I use this is translated into the following list of ciphers:
$ /usr/local/ssl/bin/openssl version OpenSSL 1.0.0e 6 Sep 2011 $ /usr/local/ssl/bin/openssl ciphers -v 'ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH' ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1 ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
For the fastest cipher supported by the client my recommendation is: ciphers = RC4-MD5:AES128-SHA:DES-CBC3-SHA:!SSLv2
Mike
-
Guylhem -
Michal Trojnara