>> If you refer to long EOL'ed systems, then they probably don't support DHE at
>> all.
>
> Alas, EOL'ed systems don't hinder its use - even if it is unwise..

That's not what I'm saying. What I'm saying is that since they are so old
they don't even support DHE, therefore the DH group doesn't matter.

>> Scannel on Windows XP doesn't support DHE with RSA, therefore IE6/7/8 will
>> connect just fine (without FS).
>
> I assume you mean Schannel, and yes - I just did a small test on a public
> low volume site using a VM based IE7 and SSLLabs SSLTest[1], and can see
> that both IE7 and IE8 on Windows XP use the cipher
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (the OpenSSL name is DES-CBC3-SHA) when
> connecting.
>
> As far as I can see the only client that cannot connect in that test is a
> Java 1.6 based one - all others are fine (just as you said).

Ok, thanks for confirming.

> A follow up question:
>
> How much does the size of my chosen DH group affect clients and the server
> when negotiating the connection?

*Very* much on the server side. It will kill your CPU.

> The SSLLabs test did not take any longer using a 4096 bit DH group instead
> of a 2048 bit one.

Because you have 1 server dedicated to 1 client. Also SSLLabs is not exactly
a performance test.

> Could I (at least in theory) make an 8192 bit DH group, and not expect any
> performance problems?

Absolutely not, no, not even in theory. Don't do this. HAProxy users have had
severe performance regressions because of this.

Lukas
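The server-side cost Lukas describes is easy to measure yourself. The script below is an added example (not part of the thread, not HAProxy or OpenSSL code): it times the two modular exponentiations a DHE server pays per handshake for 2048, 4096 and 8192 bit groups. The modulus is a constructed random odd number of the requested size, which has the arithmetic cost of a real DH prime but none of its security, so it must never be used for actual key exchange; `toy_modulus`, `server_cost` and `scaling_report` are names chosen here. The private exponents are full length (one bit shorter than p), which is what a TLS stack has to use for a custom group whose subgroup order it does not know; a stack that knows the order q of a named group can use a much shorter exponent and pays correspondingly less.

```python
"""Added example: how the DH group size drives server-side DHE cost."""
import random
import time


def toy_modulus(bits: int, seed: int = 1) -> int:
    """Constructed stand-in for a DH prime of the given size.

    A deterministic random odd number with the top bit set. It is NOT a
    safe prime, so it has the arithmetic cost of a real group but none
    of the security. Never use it for actual key exchange.
    """
    rng = random.Random(seed)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def dh_handshake(p: int, g: int, seed: int = 7) -> tuple[int, int]:
    """One DHE key agreement; returns (server_secret, client_secret).

    Both sides draw full-length private exponents (bit length of p minus
    one), as a stack must when it does not know the group order q.
    """
    rng = random.Random(seed)
    nbits = p.bit_length() - 1
    srv_priv = rng.getrandbits(nbits) | 1
    cli_priv = rng.getrandbits(nbits) | 1
    srv_pub = pow(g, srv_priv, p)   # value sent in ServerKeyExchange
    cli_pub = pow(g, cli_priv, p)   # value sent in ClientKeyExchange
    return pow(cli_pub, srv_priv, p), pow(srv_pub, cli_priv, p)


def server_cost(bits: int, rounds: int = 3) -> float:
    """Seconds of server CPU for one handshake using a group of |p| = bits.

    Per handshake the server does two modular exponentiations: one to
    produce its own public value (fresh per connection with single-use
    DH keys) and one to derive the shared secret from the client's value.
    Returns the best of `rounds` timings to dampen scheduler noise.
    """
    p = toy_modulus(bits)
    rng = random.Random(42)
    best = float("inf")
    for _ in range(rounds):
        priv = rng.getrandbits(bits - 1) | 1
        peer = rng.getrandbits(bits - 1) | 1   # stands in for the client's public value
        t0 = time.perf_counter()
        pow(2, priv, p)
        pow(peer, priv, p)
        best = min(best, time.perf_counter() - t0)
    return best


def scaling_report(sizes=(2048, 4096, 8192), rounds: int = 3) -> dict[int, tuple[float, float]]:
    """Map group size -> (seconds per handshake, slowdown relative to the smallest size)."""
    costs = {b: server_cost(b, rounds) for b in sizes}
    base = costs[min(sizes)]
    return {b: (c, c / base) for b, c in costs.items()}


if __name__ == "__main__":
    for bits, (sec, ratio) in scaling_report().items():
        print(f"{bits:5d}-bit group: {sec * 1000:8.1f} ms/handshake  ({ratio:5.1f}x vs smallest)")
```

Run it once and the pattern the thread warns about shows up directly: doubling the group size multiplies the per-handshake cost several times over, because each exponentiation does roughly twice as many multiplications on numbers that are twice as wide. A single SSLLabs scan cannot show this because it is one client against an otherwise idle server; the cost only becomes visible when handshakes per second matter.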