On Wed, Feb 2, 2022 at 12:45 PM bengalih <nginx-fo...@forum.nginx.org> wrote:
>
> > Note that SSL is likely the most important contributor to CPU
> > utilization in this setup. It might be a good idea to carefully
> > tune ciphers used.
>
> I believe I have set this fairly appropriately. If you know of a resource
> that would explain this in more detail I would appreciate it.

Key exchange is the expensive part of a TLS connection. Once the key exchange is complete, the bulk encryption using AES or ChaCha is relatively fast.

Key exchange will be measured in hundreds of connections per second. Once the connection is established, thousands of clients can be serviced. But the key exchange is the hard part.

If you use an integer field for key exchange, then DH-2048 and DH-3072 will bog the machine down. You can make key exchange easier by using elliptic curves.

Also see articles like https://en.wikipedia.org/wiki/TLS_acceleration

Jeff
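
Added example, not part of the message above or of the nginx project's own documentation: an nginx server block that keeps the key exchange on elliptic curves, with the finite-field DH settings the reply warns about shown commented out for contrast. The host name, file paths, cipher list and cache sizes are assumptions chosen for illustration.

```nginx
# Added example; names, paths and sizes are placeholders, not from the thread.
server {
    listen 443 ssl;
    server_name example.com;                          # placeholder host

    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/example.key;

    ssl_protocols TLSv1.2 TLSv1.3;

    # Costly variant: finite-field DHE suites backed by a 2048- or 3072-bit
    # group. nginx only negotiates DHE-* suites when ssl_dhparam is set, so
    # leaving both lines out keeps integer-field key exchange off entirely.
    # ssl_dhparam /etc/nginx/tls/dhparam.pem;
    # ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # Cheaper variant: ECDHE key exchange only for TLS 1.2, with AES-GCM or
    # ChaCha20 for the bulk encryption. TLS 1.3 suites are not governed by
    # ssl_ciphers; their key exchange follows ssl_ecdh_curve below.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Curves offered for the key exchange, fastest first.
    ssl_ecdh_curve X25519:prime256v1;

    # Shared session cache so returning clients can resume a session
    # instead of repeating a full handshake (an addition to the reply's
    # advice, aimed at the same cost).
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1h;
}
```

After reloading, `openssl s_client -connect example.com:443` against the placeholder host reports the negotiated cipher and the temporary key type, which confirms whether ECDHE is actually in use.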