Re: explicitly including other ciphers for use with https

Ok, I want to use encrypted authentication BUT do not want to use any encryption of the data at all.

I do have 100% control over all of the IB fabric (and it is not in 'user space', consider it an 'appliance') this will be running on. I am not interested in something secure at this point, I am interested in performance.



On 12/07/2015 06:06 PM, William A Rowe Jr wrote:
On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <ronc@xxxxxxxx> wrote:

    Hello,

    I am building a storage system, using HTTP/HTTPS for ingesting data.

    I would like to use the authentication over HTTPS, while after that
    I want no encryption on the data because of performance.


Then you probably don't understand the performance impact of TLS.

TLS is very expensive to negotiate between endpoints working from
elliptic curve or prime math.  There's no avoiding this initial hit if you
are going to use TLS whatsoever.

Once the endpoints have completed the handshake, they exchange
keys for a much simpler and more performant cipher such as the
AES-256 cipher (for faster performance, you could use AES-128
depending on the application).

You will measure very little benefit dropping TLS once the handshake
and your auth step is completed.

    I think using null ciphers, like eNULL would work, but how do I
    change the configurations in httpd.conf/ssl.conf ?

    The NULL cipher keys are in openssl,  I just want to use them.


Only if you have 100% faith in the end-to-end topography of your
network. That pretty much restricts you to localhost:. Otherwise,
any man-in-the-middle can observe the data in transit and alter
the data passed between your client and backend storage server,
which makes the entire point of authenticating rather silly, don't
you think?
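
For anyone reviewing a server for the setting this thread is about, the following added example (not code from either poster or from the httpd project) scans httpd configuration text for `SSLCipherSuite` directives whose OpenSSL cipher string leaves no-encryption (eNULL) suites enabled. The function names and the sample configuration are constructed for illustration, and the check reports what the string asks for; it does not model `@SECLEVEL` or what the local OpenSSL build actually offers.

```python
import re
import shlex

def selects_null(body):
    """True if one cipher-string element selects suites with no encryption."""
    if body == "COMPLEMENTOFALL":      # ALL excludes eNULL; its complement is eNULL
        return True
    parts = body.split("+")            # "kRSA+eNULL" is a logical AND of selectors
    # "aNULL" (no authentication) is deliberately not matched here.
    return any(p in ("eNULL", "NULL") or "NULL" in p.split("-") for p in parts)

def null_enabled(spec):
    """Replay an OpenSSL cipher string; report whether NULL suites stay enabled."""
    enabled = killed = False
    for tok in re.split(r"[:, ]+", spec.strip()):
        if not tok or tok.startswith("@"):
            continue
        op, body = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        if not selects_null(body):
            continue
        if op == "!":                  # permanently removed, cannot be re-added
            killed, enabled = True, False
        elif op == "-":                # removed, but a later element may re-add
            enabled = False
        elif op == "":                 # plain element adds the suites
            enabled = not killed
        # a leading "+" only reorders suites already present
    return enabled

def audit(conf_text):
    """Return (line number, cipher string) for each directive allowing NULL suites."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        words = shlex.split(line, comments=True)
        if len(words) >= 2 and words[0].lower() == "sslciphersuite":
            if null_enabled(words[-1]):   # last word is the spec, after any protocol
                findings.append((n, words[-1]))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed sample
<VirtualHost *:443>
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
<VirtualHost *:8443>
    SSLCipherSuite "eNULL:AES128-SHA"
</VirtualHost>
"""

if __name__ == "__main__":
    for lineno, spec in audit(SAMPLE):
        print(f"line {lineno}: NULL-encryption suites enabled by {spec!r}")
```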