| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Sean Chittenden <sean(at)chittenden(dot)org> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org |
| Subject: | Re: Speed of SSL connections; cost of renegotiation |
| Date: | 2003-04-11 03:05:53 |
| Message-ID: | 8640.1050030353@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-interfaces |
Sean Chittenden <sean(at)chittenden(dot)org> writes:
>> From sshd(8):
> -k key_gen_time
> Specifies how often the ephemeral protocol version 1 server key
> is regenerated (default 3600 seconds, or one hour).
Hmmm. But a server key isn't the same as a session key, is it? Is this
an argument for renegotiating session keys at all?
In any case, you can pump a heck of a lot of data through ssh in an
hour. Based on that, it sure looks to me like every-64K is a
ridiculously small setting. If we were to crank it up to a few meg, the
performance issue would go away, and we'd not really need to think about
changing to a time-based criterion.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2003-04-11 03:11:32 | Re: Speed of SSL connections; cost of renegotiation |
| Previous Message | Sean Chittenden | 2003-04-11 02:58:25 | Re: Speed of SSL connections; cost of renegotiation |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2003-04-11 03:11:32 | Re: Speed of SSL connections; cost of renegotiation |
| Previous Message | Sean Chittenden | 2003-04-11 02:58:25 | Re: Speed of SSL connections; cost of renegotiation |