explicitly including other ciphers.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes I think that probably would be the case.

on EDR HTTPS vs HTTP I loose about 15-20GB/s, almost half that is why am 
trying to do HTTPS for the authentication only

On 12/03/2015 07:10 PM, Jakob Bohm wrote:
> On 04/12/2015 03:03, Michael Wojcik wrote:
>>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>>> Of Ron Croonenberg
>>> Sent: Thursday, December 03, 2015 18:35
>>> To: openssl-users at openssl.org
>>> Subject: Re: [openssl-users] explicitly including other ciphers.
>>>
>>> The network is isolated from the outside worl,   BUT  we still need
>>> authentication because different users are using it.
>>>
>>> So what I preferably want is sort of a set up where,
>>> authentication is done the "standard way" and after that just use the
>>> https connection without the overhead of actually encrypting anything.
>>> (and the lesss modifications and recompiling the better)
>> So rather than connecting directly to Apache, how about connecting to
>> a TLS proxy like stunnel, which would then connect to Apache over
>> vanilla HTTP. Configure Apache to only bind to loopback addresses
>> (127/8 and/or ::1), so no one can bypass the proxy.
>>
>> That's assuming stunnel doesn't also play silly buggers with the
>> cipher suite list.
>>
> Wouldn't that extra hop via stunnel cost performance
> (noting that Ron is apparently running at faster than
> gigabit speed).
>
> Enjoy
>
> Jakob


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux