Skip site navigation (1) Skip section navigation (2)

Re: Speed of SSL connections; cost of renegotiation

From: Sean Chittenden <sean(at)chittenden(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org
Subject: Re: Speed of SSL connections; cost of renegotiation
Date: 2003-04-11 03:22:42
Message-ID: 20030411032242.GL79923@perrin.int.nxad.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-interfaces
> >> From sshd(8):
> 
> >      -k key_gen_time
> >              Specifies how often the ephemeral protocol version 1 server key
> >              is regenerated (default 3600 seconds, or one hour).
> 
> Hmmm.  But a server key isn't the same as a session key, is it?  Is this
> an argument for renegotiating session keys at all?

The server and client can kick off a key renegotiation.  Generally
it's left up to the client from what I can tell.  The key specified
above is the public key used before the session is encrypted so that
makes sense to rekey... once encrypted though, I don't think it's
necessary to rekey that often.  10MB would likely be a nice and
conservative level that should be outside of the scope of most
PostgreSQL transactions.  -sc

-- 
Sean Chittenden


In response to

pgsql-hackers by date

Next:From: Rod TaylorDate: 2003-04-11 03:28:02
Subject: Re: Speed of SSL connections; cost of renegotiation
Previous:From: Curt SampsonDate: 2003-04-11 03:17:57
Subject: Re: Speed of SSL connections; cost of renegotiation

pgsql-interfaces by date

Next:From: Rod TaylorDate: 2003-04-11 03:28:02
Subject: Re: Speed of SSL connections; cost of renegotiation
Previous:From: Curt SampsonDate: 2003-04-11 03:17:57
Subject: Re: Speed of SSL connections; cost of renegotiation

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group