Skip to content

decrease latency for new TLS connections #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mark-kubacki wants to merge 2 commits into
base: master
Choose a base branch
from
Open

decrease latency for new TLS connections #2

mark-kubacki wants to merge 2 commits into from

Conversation

@mark-kubacki
Copy link

@mark-kubacki mark-kubacki commented Dec 14, 2017

No description provided.

@mark-kubacki
certs: use ecdsa certs instead of a RSA one
f5e7195 
Signing and verifying is way faster with the optimized P-256 curve,
and the ECDSA scheme.
@mark-kubacki
client: use TLS tickets for faster reconnects
05cf4ea
@mark-kubacki
Copy link
Author

mark-kubacki commented Dec 14, 2017

Ideally you'd then:

  1. Use the x25519 curve only (and skip the NIST Pxxx ones).
  2. Expire the current TLS ticket secret (server-side) after so many hours to actually implement PFS.

With (1) you could run into compatibility issues because some old TLS stacks don't support x25519.
(2) would make your example a tiny bit more complex, but I could implement this in a separate PR in like 70 lines.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mark-kubacki