Re: Speed of SSL connections; cost of renegotiation - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Speed of SSL connections; cost of renegotiation
Date
Msg-id 8640.1050030353@sss.pgh.pa.us
In response to Re: Speed of SSL connections; cost of renegotiation  (Sean Chittenden <sean@chittenden.org>)
Responses Re: Speed of SSL connections; cost of renegotiation  (Sean Chittenden <sean@chittenden.org>)
List pgsql-hackers
Sean Chittenden <sean@chittenden.org> writes:
>> From sshd(8):

>      -k key_gen_time
>              Specifies how often the ephemeral protocol version 1 server key
>              is regenerated (default 3600 seconds, or one hour).

Hmmm.  But a server key isn't the same as a session key, is it?  Is this
an argument for renegotiating session keys at all?

In any case, you can pump a heck of a lot of data through ssh in an
hour.  Based on that, it sure looks to me like every-64K is a
ridiculously small setting.  If we were to crank it up to a few meg, the
performance issue would go away, and we'd not really need to think about
changing to a time-based criterion.
        regards, tom lane


