Yes, I think that probably would be the case. On EDR, HTTPS vs HTTP, I lose about 15-20GB/s, almost half; that is why I am trying to do HTTPS for the authentication only.

On 12/03/2015 07:10 PM, Jakob Bohm wrote:
> On 04/12/2015 03:03, Michael Wojcik wrote:
>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>>> Of Ron Croonenberg
>>> Sent: Thursday, December 03, 2015 18:35
>>> To: openssl-users at openssl.org
>>> Subject: Re: [openssl-users] explicitly including other ciphers.
>>>
>>> The network is isolated from the outside world, BUT we still need
>>> authentication because different users are using it.
>>>
>>> So what I preferably want is sort of a set up where,
>>> authentication is done the "standard way" and after that just use the
>>> https connection without the overhead of actually encrypting anything.
>>> (and the less modifications and recompiling the better)
>> So rather than connecting directly to Apache, how about connecting to
>> a TLS proxy like stunnel, which would then connect to Apache over
>> vanilla HTTP. Configure Apache to only bind to loopback addresses
>> (127/8 and/or ::1), so no one can bypass the proxy.
>>
>> That's assuming stunnel doesn't also play silly buggers with the
>> cipher suite list.
>>
> Wouldn't that extra hop via stunnel cost performance
> (noting that Ron is apparently running at faster than
> gigabit speed)?
>
> Enjoy
>
> Jakob