Yes I think that probably would be the case.

On EDR, HTTPS vs HTTP, I lose about 15-20GB/s, almost half; that is why I am trying to do HTTPS for the authentication only.

On 12/03/2015 07:10 PM, Jakob Bohm wrote:
> On 04/12/2015 03:03, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Ron Croonenberg
>> Sent: Thursday, December 03, 2015 18:35
>> To: openssl-users@openssl.org
>> Subject: Re: [openssl-users] explicitly including other ciphers.
>>
>>> The network is isolated from the outside world, BUT we still need
>>> authentication because different users are using it.
>>>
>>> So what I preferably want is sort of a setup where
>>> authentication is done the "standard way" and after that just use the
>>> https connection without the overhead of actually encrypting anything.
>>> (and the less modifications and recompiling the better)
>>
>> So rather than connecting directly to Apache, how about connecting to
>> a TLS proxy like stunnel, which would then connect to Apache over
>> vanilla HTTP. Configure Apache to only bind to loopback addresses
>> (127/8 and/or ::1), so no one can bypass the proxy.
>>
>> That's assuming stunnel doesn't also play silly buggers with the
>> cipher suite list.
>
> Wouldn't that extra hop via stunnel cost performance
> (noting that Ron is apparently running at faster than
> gigabit speed)?
>
> Enjoy
>
> Jakob
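
The proxy layout suggested in the thread only holds if Apache's plain-HTTP port is bound to loopback (127/8 or ::1) and nowhere else. As an added example that is not part of the original thread, the shell function below reads `ss -ltn` style output and lists every listener on a given port that is bound to a non-loopback address; the function name and the sample socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a backend port is only
# reachable through the TLS proxy, i.e. bound to 127/8 or ::1 and nothing else.

# exposed_listeners PORT
# Reads `ss -ltn` style lines on stdin and prints the local address:port of
# every LISTEN socket on PORT that is NOT bound to a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                          # Local Address:Port column
            n = split(la, parts, ":")        # port is the last ":" field
            if (parts[n] != port) next
            # Strip ":port", then the brackets around an IPv6 address.
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback: fine
            print la                         # wildcard or routable address
        }'
}

# Constructed sample: Apache on loopback port 80, the TLS proxy on 443,
# plus one stray vhost bound to a routable address (the misconfiguration).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
LISTEN 0      511    [::1]:80           [::]:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      511    10.0.0.5:80        0.0.0.0:*'

# Stand-alone run on the sample; on a live host use: ss -ltn | exposed_listeners 80
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 80
```

Empty output means every listener on that port is loopback-only; any printed line is a path around the proxy.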