On Fri, Jun 06, 2008 at 10:56:56AM -0700, Ace wrote:

> Thanks Victor! Yes the performance is critical. Another thing is, I just
> checked the PKI handshakes with RC4 and was amazed to see the 75% of gain in
> performance. Am I losing something more than DH parameters in handshakes
> when going with RC4?

You lose forward-secrecy: if your private key is ever disclosed, *all* past traffic (if it was recorded) can be decrypted. This is not the case with DHE (aka EDH) ciphers. Neither RC4-SHA nor RC4-MD5 uses EDH key exchange.

You have to decide how much security you need and at what cost. A factor of 2 in performance is not necessarily compelling; a factor of 10 or 100 generally is. But no security at all is faster still; you have to draw the line somewhere that makes sense.

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
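
The forward-secrecy difference described in the reply above, as an added example that is not part of the original message: a toy RSA key exchange and a toy ephemeral DH exchange are recorded, then the long-term private key is disclosed. All parameters are constructed and far too small for real use, and the function names are hypothetical.

```python
import secrets

# Constructed toy parameters: far too small for real use, chosen so this runs instantly.
RSA_P, RSA_Q = 2**31 - 1, 2**61 - 1          # server's long-term RSA primes
N, E = RSA_P * RSA_Q, 65537                  # server's public key
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))    # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                   # public DH group


def rsa_handshake():
    """RSA key exchange (as in RC4-SHA, RC4-MD5): the secret is encrypted to the server key."""
    premaster = secrets.randbelow(2**64)
    wire = {"kx": "RSA", "encrypted_premaster": pow(premaster, E, N)}
    return premaster, wire


def dhe_handshake():
    """DHE (aka EDH) key exchange: both sides use fresh exponents, then discard them."""
    a = secrets.randbelow(DH_P - 2) + 1      # client ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 1      # server ephemeral exponent
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    client_secret, server_secret = pow(B, a, DH_P), pow(A, b, DH_P)
    assert client_secret == server_secret    # both peers derive the same value
    # In real TLS the server signs B with its RSA key: that authenticates, it encrypts nothing.
    wire = {"kx": "DHE", "client_public": A, "server_public": B}
    return client_secret, wire


def recover_with_disclosed_key(wire, d):
    """What a recorded handshake yields once the long-term private key d is known."""
    if wire["kx"] == "RSA":
        return pow(wire["encrypted_premaster"], d, N)
    # DHE: nothing on the wire was encrypted under the RSA key, and a and b are gone.
    return None


if __name__ == "__main__":
    for handshake in (rsa_handshake, dhe_handshake):
        secret, wire = handshake()
        recovered = recover_with_disclosed_key(wire, D)
        print(wire["kx"], "session secret recovered from recording:", recovered == secret)
```

With DHE the disclosed key still allows impersonating the server in future handshakes; what it does not give is the secret of sessions that were already recorded.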