Where I work we are going to deploy a large secure
site, and the question comes up over and over again
about the bandwidth overhead involved with SSL/TLS
when using client authenticated certs.

By using openssl s_client to connect to our SSL
server, here are the results:

content = 2529 bytes or  2.47 K
-- This is the actual content length of the data, meaning
   if there were no encryption, then this would be the
   amount of data sent from the server to the client.

read =  14,912 bytes    14.56 K
write =  2,357 bytes     2.30 K

Does this seem reasonable, and if so why is there so
much overhead?

I understand that there is the handshaking, and the
server sending its cert, the server asking for the
client cert, and the client sending it, plus the
overhead from encrypting and padding the data, but
this still seems like a bit much.

Sorry, I cannot include the dump from s_client but
here is some of the output:

SSL handshake has read 1947 bytes and written 304 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 8CF0D4B0C765A3FBD88F3AC2D53DB9715670DBC27793B1C840CC01B55959B1C9
    Session-ID-ctx:
    Master-Key: EEBCAE61A5B7C08171D5810B637C63B92A9CFC466565D68329FA177C88F25EB8D6B12976B3D741C35F4006207BDC1BBE
    Key-Arg   : None
    Start Time: 970008820
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

and the client public key is 1024 bit as well.

Thanks,

Mike
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List