craig mcmillan (craig@jcp.co.uk)
Thu, 14 Jan 1999 12:25:32 +0000
At 22:16 13/01/99 -0800, James A. Donald wrote:
>Why are secure web pages are so !@#$%^&*()_ slow
...
hi james,
you describe one particular ssl key exchange method:- that used
by the SSL_DHE group of cipher suites [ there are six such
cipher suites from a total of 15 useful, full strength cipher
suites in ssl 3.0 ], in anonymous client/authenticated server
mode. some of the messages you describe are out of order,
but it's about right.
SSL 3.0 supports two other key exchange methods, using
fixed DH and RSA techniques, all offering the option of server
only or both client and server authentication [ neglecting the
NULL, DH_anon and fortezza cipher suites ].
SSL 3.0 also supports the concept of
session resumption, permitting a client-server pair to re-use
a secret generated by a previous handshake. resumed sessions
are negotiated without requiring any public key operations,
and are thus opened much faster. whether a client or a server
permits session resumption at all, and if it does, how
long session information is cached, is implementation
defined.
if you are observing excruciatingly slow connection times for
secure sockets, then it's most likely that your client or server
is configured to prohibit session resumption.
c
pgp public key available from keyservers everywhere
key id: 0xE32C8445
fingerprint: 8F94 59A7 B7D3 50B7 9EE1 FB90 70E9 30A9 E32C 8445
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:03
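To check the diagnosis in the message above from a packet capture, the sketch below classifies SSL 3.0 handshakes as full or resumed by comparing the session_id the client offers in its ClientHello with the one the server returns in its ServerHello. It is an added example, not part of the original post; the function names and all sample handshake bytes are constructed for illustration.

```python
# Added example: detect SSL 3.0 session resumption from the two hello messages.
# A handshake is resumed only if the client offers a non-empty session_id and
# the server echoes exactly that value back in its ServerHello.

def session_id(hello: bytes) -> bytes:
    """Extract session_id from a ClientHello (type 1) or ServerHello (type 2)."""
    if len(hello) < 39 or hello[0] not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello")
    if int.from_bytes(hello[1:4], "big") != len(hello) - 4:
        raise ValueError("handshake length field does not match message")
    # Layout: 4-byte handshake header, 2-byte version, 32-byte random,
    # then a 1-byte length followed by session_id<0..32>.
    sid_len = hello[38]
    if sid_len > 32 or 39 + sid_len > len(hello):
        raise ValueError("bad session_id length")
    return hello[39:39 + sid_len]

def is_resumed(client_hello: bytes, server_hello: bytes) -> bool:
    offered = session_id(client_hello)
    return len(offered) > 0 and offered == session_id(server_hello)

def classify(pairs):
    """Return one bool per (ClientHello, ServerHello) pair: True if resumed."""
    return [is_resumed(ch, sh) for ch, sh in pairs]

def make_hello(msg_type: int, sid: bytes, tail: bytes) -> bytes:
    """Build a constructed hello message (all-zero random) for the samples."""
    body = b"\x03\x00" + bytes(32) + bytes([len(sid)]) + sid + tail
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data: one DHE suite (0x0016) and null compression.
CH_TAIL = b"\x00\x02\x00\x16\x01\x00"
SH_TAIL = b"\x00\x16\x00"
S1, S2 = b"\xaa" * 32, b"\xbb" * 32
SAMPLES = [
    (make_hello(1, b"", CH_TAIL), make_hello(2, S1, SH_TAIL)),   # first visit
    (make_hello(1, S1, CH_TAIL), make_hello(2, S1, SH_TAIL)),    # resumed
    (make_hello(1, S1, CH_TAIL), make_hello(2, S2, SH_TAIL)),    # cache miss
    (make_hello(1, S1, CH_TAIL), make_hello(2, b"", SH_TAIL)),   # server won't cache
]

if __name__ == "__main__":
    for n, resumed in enumerate(classify(SAMPLES), 1):
        print(n, "resumed" if resumed else "full handshake")
```

A capture in which a returning client keeps offering a session_id and the server never echoes it points to resumption being disabled or the cache lifetime being too short on the server side.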