[stunnel-users] question about Ephemeral Diffie-Hellman
Michal.Trojnara at mirt.net
Wed Mar 21 15:50:48 CET 2012
> I've read that EDH calculations were ca cause
> of significant slow up on
Over-reliance on session resumption is as useful as ignoring session
resumption altogether. Benchmarking worst case scenarios may look like
a good idea, but it is not a reasonable approach to bottleneck
It is also a good idea to use ECDHE ciphers instead of EDH for improved
performance without sacrificing PFS property. Make sure to install
recent OpenSSL and stunnel.
> I'm running stunnel on a embedded Linux/MIPS,
> where I'm trying to light up the load.
How many new sessions per second does your stunnel negotiate? Maybe
EDH is not your bottleneck.
> Is it possible to disable EDH? If so, how? I couldn't find any info
> on that.
The answer is in the article you quoted.
Stunnel option is "ciphers":
More information about the stunnel-users