Home > mailing lists

Re: [HACKERS] Speed of SSL connections; cost of renegotiation - Mailing list pgsql-interfaces

From	Sean Chittenden
Subject	Re: [HACKERS] Speed of SSL connections; cost of renegotiation
Date	April 11, 2003 16:08:29
Msg-id	20030411032242.GL79923@perrin.int.nxad.com Whole thread Raw
In response to	Re: [HACKERS] Speed of SSL connections; cost of renegotiation (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-interfaces

Tree view

> >> From sshd(8):
> 
> >      -k key_gen_time
> >              Specifies how often the ephemeral protocol version 1 server key
> >              is regenerated (default 3600 seconds, or one hour).
> 
> Hmmm.  But a server key isn't the same as a session key, is it?  Is this
> an argument for renegotiating session keys at all?

The server and client can kick off a key renegotiation.  Generally
it's left up to the client from what I can tell.  The key specified
above is the public key used before the session is encrypted so that
makes sense to rekey... once encrypted though, I don't think it's
necessary to rekey that often.  10MB would likely be a nice and
conservative level that should be outside of the scope of most
PostgreSQL transactions.  -sc

-- 
Sean Chittenden

pgsql-interfaces by date:

From: "Christopher Kings-Lynne"
Date: 11 April 2003, 16:08:23
Subject: Re: [HACKERS] Speed of SSL connections; cost of renegotiation

From: Sean Chittenden
Date: 11 April 2003, 16:15:23
Subject: Re: [HACKERS] Speed of SSL connections; cost of renegotiation

Re: [HACKERS] Speed of SSL connections; cost of renegotiation - Mailing list pgsql-interfaces

Previous

Next