>> If you refer to long EOL'ed systems, then they probably don't support DHE
>> at all.
>
> Alas, EOL'ed systems don't hinder its use - even if it is unwise.
That's not what I'm saying. What I'm saying is that since they are so old they
don't even support DHE, therefore the DH group doesn't matter.
>> Scannel on Windows XP doesn't support DHE with RSA, therefore IE6/7/8 will
>> connect just fine (without FS).
>
> I assume you mean Schannel, and yes - I just did a small test on a public low
> volume site using a VM based IE7 and SSLLabs SSLTest[1], and can see that
> both IE7 and IE8 on Windows XP use the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA
> (the OpenSSL name is DES-CBC3-SHA) when connecting.
>
> As far as I can see the only client that cannot connect in that test is a
> Java 1.6 based one - all others are fine (just as you said).
Ok, thanks for confirming.
> A follow up question:
>
> How much does the size of my chosen DH group affect clients and the server
> when negotiating the connection?
*Very* much on the server side. It will kill your CPU.
> The SSLLabs test did not take any longer using a 4096-bit DH group instead of
> a 2048-bit one.
Because you have 1 server dedicated to 1 client. Also SSLLabs is not exactly a
performance test.
> Could I (at least in theory) make an 8192-bit DH group, and not expect any
> performance problems?
Absolutely not, no, not even in theory. Don't do this. HAProxy users have had
severe performance regression because of this.
Lukas
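An added example, not part of this thread, that puts a number on the server-side cost described above: it times the two modular exponentiations a server performs per DHE handshake at 2048, 4096 and 8192 bits. The moduli are constructed random odd numbers of the right bit length rather than real DH primes, and the private exponent is full length; both are assumptions, stated in the code, and the absolute timings depend on the machine.

```python
"""Added example (not from the mailing-list thread): time one DHE handshake's
worth of modular exponentiation per modulus size to show why 8192-bit DH
groups hurt the server.

Assumptions: the moduli are constructed random odd numbers of the requested
bit length, not real DH primes (modexp cost depends on operand size, not on
primality), and the private exponent is full length, the conservative server
behaviour. Absolute timings are machine-dependent; the ratios are the point.
"""
import secrets
import time

GENERATOR = 2


def constructed_modulus(bits: int) -> int:
    """Random odd modulus with exactly `bits` bits (stand-in for a DH prime)."""
    return (1 << (bits - 1)) | secrets.randbits(bits - 1) | 1


def dh_handshake_cost(bits: int, rounds: int = 1) -> float:
    """Average seconds for the two modexps a server does per DHE handshake:
    g^x mod p (its own public value) and Y^x mod p (the shared secret)."""
    p = constructed_modulus(bits)
    x = secrets.randbits(bits - 1) | 1             # full-length private exponent
    peer_public = secrets.randbits(bits - 1) | 1   # stand-in for the client's Y
    start = time.perf_counter()
    for _ in range(rounds):
        pow(GENERATOR, x, p)
        pow(peer_public, x, p)
    return (time.perf_counter() - start) / rounds


def compare_group_sizes(sizes=(2048, 4096, 8192)) -> dict:
    """Cost per handshake for each size and its slowdown relative to the
    smallest size. Modexp is roughly cubic in the bit length in theory, so
    doubling the group size costs several times more CPU per handshake."""
    costs = {bits: dh_handshake_cost(bits) for bits in sizes}
    base = costs[min(sizes)]
    return {bits: {"seconds": t, "slowdown": t / base} for bits, t in costs.items()}


if __name__ == "__main__":
    for bits, r in compare_group_sizes().items():
        print(f"{bits:5d}-bit: {r['seconds'] * 1000:8.1f} ms/handshake "
              f"({r['slowdown']:.1f}x vs smallest)")
```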