Menu
▾
▴
Re: SSL is slow
|
From: Chris R. <chr...@me...> - 2002-04-16 09:11:05
|
Lars Skj=E6rlund <la...@sp...> wrote: > Hi again list, >=20 > Working with Novell NDS/eDir, I have to login to my LDAP server using > SSL. >=20 > Whilst this is not a problem, it's rather slow. After login, everything > runs pretty fast, but it does take quite a while to login. >=20 > As I'm on a protected network, I don't really care about the > certificate on the server - it's self-assigned, so I tell Perl LDAP to > ignore it. On the other hand, I want encrypted communication to avoid > evesdropping with a sniffer. >=20 > Is there any way to speedup this initial login? >=20 > Regards, > Lars About the first thing that happens on a TLS connection is a crypto "handshake", and it sounds like this is what is being slow for you. Common reasons for that are that the client wants a different strength symmetric key than the server has, so the server has to generate a new one for you. (Something like that anyway, my memory is pretty hazy.) So check what key lengths and algorithms you're asking for, and what the server supports. You can run the openssl s_client program in verbose/debug mode to find out what the server's advertising, which might help. Cheers, Chris |
