> Some customers may require 4096 bit keys as it seems to be much more
> decent than 2048 nowadays.

I've not come across any recommendations pointing in that direction; in
fact, 2048-bit RSA is supposed to be safe for commercial use until 2030.

I don't think this is a real requirement from knowledgeable people, to
be frank.

In any case it doesn't make any sense because if your customer really has
such huge requirements you may as well switch to ECC because you won't
be able to support old clients anyway.



> That's still more than 96% difference compared to non-SSL

Well, you are basically benchmarking your stack with a TLS-specific
denial of service attack. Of course the same attack without TLS won't
have a noticeable effect on the stack. So that number is quite obviously
high.



>> That's why Apache will scale better currently, because it's threading.
>
> Hm, I haven't tried Apache yet but would that be a huge benefit compared
> to a setup using nbproc > 1?

I haven't tried it either, but yes, I would assume so. It also doesn't block
other connections while handshaking new ones.




Regards,

Lukas                                     
