httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ron Croonenberg <>
Subject Re: [users@httpd] explicitly including other ciphers for use with https
Date Tue, 08 Dec 2015 15:33:00 GMT
Ok,  I want to use encrypted authentication BUT do not want to use any 
encryption of the data at all.

I do have 100% control over all off the IB fabric (and it is not in 
'user space', consider it an appliance'  this will be running on. I am 
not interested in something secure at this point, I am interested in 

On 12/07/2015 06:06 PM, William A Rowe Jr wrote:
> On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <
> <>> wrote:
>     Hello,
>     I a building a storage system, using HTTP/HTTPS for ingesting data.
>     I would like to use the authentication over HTTPS, while after that
>     I want no encryption on the data because of peformance.
> Then you probably don't understand the performance impact of TLS.
> TLS is very expensive to negotiate between endpoints working from
> elliptic curve or prime math.  There's no avoiding this initial hit if you
> are going to use TLS whatsoever.
> Once the endpoints have completed the handshake, they exchange
> keys for a much simpler and more performant cipher such as the
> AES-256 cipher (for faster performance, you could use AES-128
> depending on the application).
> You will measure very little benefit dropping TLS once the handshake
> and your auth step is completed.
>     I think using  null ciphers, like eNULL would work, but how do I
>     change the configurations is httpd.conf/ssl.conf ?
>     The NULL cipher keys are in openssl,  I just want to use them.
> Only if you have 100% faith in the end-to-end topography of your
> network. That pretty much restricts you to localhost:. Otherwise,
> any man-in-the-middle can observe the data in transit and alter
> the data passed between your client and backend storage server,
> which makes the entire point of authenticating rather silly, don't
> you think?
> .

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message