Re: [squid-users] SSL Reuse behavior

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 28 Oct 2008 21:21:15 +0100

On tis, 2008-10-28 at 11:17 +0100, Andre E. wrote:

> The odd thing is the following. The time difference in ms between SSL
> Reuse enabled and disabled is considerably higher when using the
> rsa-cipher. With diffie-hellman the difference is about 40% and rsa
> about 20%.

How big keys? DH requires significantly larger keys to compare with RSA
in terms of computation.

But worth noting is that session reuse not only cuts down on the
computational demands, but also network overhead, especially so if
non-persistent connections is used. By session reuse you save a
significant amount of bandwidth from the server thanks to avoiding
sending the server certificate chain, and more noticeable for response
time one roundtrip exchange for the session establishement & key
exchange.

But the benefits is not very noticeable if you do use persistent
connections, which is an even more efficient optimization of SSL setup
costs with both SSL and TCP setup costs completely eleminated by reusing
already existing connection.

Regards
Henrik

Received on Tue Oct 28 2008 - 20:21:23 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 29 2008 - 12:00:06 MDT