> From: openssl-users On Behalf Of Michael Wojcik > Sent: Thursday, December 18, 2014 21:27
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf > > Of Kurt Roeckx > > Sent: Thursday, December 18, 2014 16:36 > > To: openssl-users@openssl.org > > Subject: Re: [openssl-users] OpenSSL performance issue > > > > So the differnce here is that jave picks a DHE ciphersuite while otherwise > you > > didn't. DHE gives you forward secrecy but is slower. > > And if DH parameters have not been set, OpenSSL will have to generate > them on the fly, which can be *very* slow (relative to normal conversation > establishment). > I think this is new in trunk; in all released versions of OpenSSL server it won't use DHE/A and or ECDHE/A if parameters have not been set. And the case here is OpenSSL client to Java proxy acting as server. JSSE server uses hardcoded parameters, from some standard -- I vaguely recall it being Oakley but don't remember details. _______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
