Urjit Gokhale wrote:
Hi all,I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (Both server and client authentication by means of certificates). Regarding the data encryption, I would like to have it as an optional feature. The motivation behind this desirable feature is that in a particular environment, I am not really worried about the data, but the client talking to my server. I would like to give up on encryption in favor of performance. So the questions are: 1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer un-encrypted data over this channel ? 2) Would sacrificing on encryption *really* improve the performance ?
Maybe this would be possible using the NULL cipher combined with DH authentication... But if your problem is only performance I don't think it's worthwhile to worry about bulk encryption. Bulk encryption uses symetric ciphers that are cheap compared to the public key algorithms needed for authentication. It may be a concern if you want to reach transfer rates bigger than let's say 10 MByte/s, but encryping traffic on a typical internet connection will not keep your CPU really busy (assuming you're using a not too old desktop PC).
Thanks, ~ Urjit PS: This is my first mail to this list. So, in case, you think that my questions are out of the scope of this group, or you know of some other group which can yield me better answers, could you please point me to such groups ?
Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
