[stunnel-users] Inconsistent performance across stunnel and/or OpenSSL versions

Michal Trojnara Michal.Trojnara at mirt.net
Tue Apr 23 22:23:54 CEST 2013


On 2013-04-23 04:19, PPingPongBaker PPingPongBaker wrote:
> The best compilation of results on this topic that I have seen and
> agree with are at [1]
> DHE modular exponentiation really hurts SSL performance; no wonder Google resorted to ECDHE.
> [1] http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
I'm well aware of this.  Stunnel server should only negotiate DH if ECDH
is not supported by connecting client.  Can you confirm that this is the
case for the client you used for your tests?

The reason I asked you to compare your results with various ciphers was
to find reasonable defaults for the upcoming stunnel 5.00.  8-)

Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130423/4e01d1d5/attachment.sig>


More information about the stunnel-users mailing list