Hi,

GnuTLS's RSA key generation time is really long, making it barely usable in real life (you would not want to wait half an hour for a new https site you visit). I tried "openssl rsa 1024" and it took only a few seconds. How about dropping GnuTLS support in favor of OpenSSL? I made a patch, which simply calls "openssl rsa 1024" to generate private keys. It worked really well; I did not have to wait while surfing https sites.

If it's not feasible to adapt openssl, how about an option to reuse existing private keys? It makes the system much weaker, but for a single-user system like mine, I don't really care.

Cheers,
--
Duy
