Always use fixed DH parameters created with 'dhparam -C',
don't dynamically create them. This allows using ssltest for approximate performance comparisons: $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \ [-no_dhe|-dhe1024dsa|-dhe1024] (server2.pem contains a 1024 bit RSA key, the default has only 512 bits.) Note that these timings contain both the server's and the client's computations, they are not a good indicator for server workload in different configurations.
parent
ce301b6b
Please register or sign in to comment