Re: Speed of SSL connections; cost of renegotiation

> So, questions for the group: where did the decision to renegotiate
> every 64K come from? Do we need it at all? Do we need it at such a
> short interval? And if we do need it, shouldn't the logic be
> symmetric, so that renegotiations are forced during large input
> transfers as well as large output transfers?

It doesn't look like there's any guidance from mod_ssl in Apache 2.0.

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?rev=1.92&content-type=text/vnd.viewcvs-markup

'round line 536 begins a good set of comments, but I think the tail
end of the file has the best commentary:

* Because SSL renegotations can happen at any time (not only after
* SSL_accept()), the best way to log the current connection details is
* right after a finished handshake.

I think the correct solution to this is to have some way of specifying
this via libpq or by some external configuration file as it is
supposed to conform to the client or server's security policy. It'd
say by default that 640K is ok, but that it should be tunable and
apart of the connections properties. Ex:

Index: libpq-fe.h
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/libpq-fe.h,v
retrieving revision 1.91
diff -u -r1.91 libpq-fe.h
--- libpq-fe.h 2003/03/25 02:44:36 1.91
+++ libpq-fe.h 2003/04/11 01:12:32
@@ -154,6 +154,9 @@
* Password field - hide value "D" Debug
* option - don't show by default */
int dispsize; /* Field size in characters for dialog */
+#ifdef USE_SSL
+ int ssl_reneg_size; /* Rate at which the connection renegotiates keys */
+#endif
} PQconninfoOption;

/* ----------------

Someone on IRC suggested that this value be tuned automatically
depending on the cypher used. The more secure the cypher, the less
frequently rekeying is needed. DES = 64K, 3DES = 256K, AES = 512K?
Total WAG on the values there, but it conveys the point. -sc

--
Sean Chittenden