Re: Speed of SSL connections; cost of renegotiation

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Sean Chittenden <sean@chittenden.org>
Cc: pgsql-hackers@postgreSQL.org, pgsql-interfaces@postgreSQL.org
Date: 2003-04-11T03:05:53Z
Lists: pgsql-hackers
Sean Chittenden <sean@chittenden.org> writes:
>> From sshd(8):

>      -k key_gen_time
>              Specifies how often the ephemeral protocol version 1 server key
>              is regenerated (default 3600 seconds, or one hour).

Hmmm.  But a server key isn't the same as a session key, is it?  Is this
an argument for renegotiating session keys at all?

In any case, you can pump a heck of a lot of data through ssh in an
hour.  Based on that, it sure looks to me like every-64K is a
ridiculously small setting.  If we were to crank it up to a few meg, the
performance issue would go away, and we'd not really need to think about
changing to a time-based criterion.

			regards, tom lane