Re: explicitly including other ciphers for use with https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <ronc@xxxxxxxx> wrote:
Hello,

I a building a storage system, using HTTP/HTTPS for ingesting data.

I would like to use the authentication over HTTPS, while after that I want no encryption on the data because of peformance.

Then you probably don't understand the performance impact of TLS.

TLS is very expensive to negotiate between endpoints working from
elliptic curve or prime math.  There's no avoiding this initial hit if you
are going to use TLS whatsoever.

Once the endpoints have completed the handshake, they exchange
keys for a much simpler and more performant cipher such as the
AES-256 cipher (for faster performance, you could use AES-128
depending on the application).

You will measure very little benefit dropping TLS once the handshake
and your auth step is completed.
 
I think using  null ciphers, like eNULL would work, but how do I change the configurations is httpd.conf/ssl.conf ?

The NULL cipher keys are in openssl,  I just want to use them.

Only if you have 100% faith in the end-to-end topography of your
network. That pretty much restricts you to localhost:. Otherwise, 
any man-in-the-middle can observe the data in transit and alter 
the data passed between your client and backend storage server, 
which makes the entire point of authenticating rather silly, don't
you think?




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux