[stunnel-users] Inconsistent performance across stunnel and/or OpenSSL versions

Janusz Dziemidowicz rraptorr at nails.eu.org
Fri Apr 19 16:28:32 CEST 2013

2013/4/18 PPingPongBaker PPingPongBaker <ppingpongbaker at gmail.com>:
> It appears including static DH params in the certificate brings the
> performance back up in 4.40 and onward.

If you need the best performance, then disabling DH key exchange might
be a good idea as it is quite time consuming. If you still need
forward secrecy then ECDH should be a lot better, especially with
OpenSSL 1.0.1. In all cases, it might be worth looking at Google SSL
configuration, it is configured for quite a lot of traffic:)

Janusz Dziemidowicz

More information about the stunnel-users mailing list