On Sat, Oct 01, 2022 at 05:20:13PM -0600, Shawn Heisey wrote:
> If the way I got the total counts is valid, then most of the connections
> are NOT using TLS. I wonder how many of those are using plaintext
> because my cert is 4096 bit and their encryption library cannot use it.
> I don't know if there is any way to log enough information to determine
> that.
There's really no need. A 2048-bit TLS cert is just as strong as a
4096-bit cert, and sometimes more so, if interoperability is better.
There isn't enough compute power on earth to perform a 2^112 attack.
> The CPUs in this AWS instance are by AMD and have the "aes" flag. If
> openssl 1.1.1f for Ubuntu 20.04 uses that capability, then encryption
> should be greatly accelerated and be less of a CPU hog.
Hardware-assisted AES does not speed up RSA. On a shiny new server,
with all bells and whistles, "openssl speed" reports:
sign verify sign/s verify/s
rsa 2048 bits 0.000304s 0.000018s 3292.0 55984.2
rsa 4096 bits 0.004194s 0.000065s 238.4 15308.3
The time to sign (server's sign the TLS handshake) with rsa4096 ~13.8x
higher than the time to sign with rsa2048. Clients also burn more CPU
verifying the signature, though their cost is much lower.
The question isn't why you should consider not using 4096-bit RSA, it is
why you would in the first place.
--
Viktor.
