Re: Speed of SSL connections; cost of renegotiation
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Sean Chittenden <sean@chittenden.org>
Cc: pgsql-hackers@postgreSQL.org, pgsql-interfaces@postgreSQL.org
Date: 2003-04-11T03:05:53Z
Lists: pgsql-hackers
Sean Chittenden <sean@chittenden.org> writes: >> From sshd(8): > -k key_gen_time > Specifies how often the ephemeral protocol version 1 server key > is regenerated (default 3600 seconds, or one hour). Hmmm. But a server key isn't the same as a session key, is it? Is this an argument for renegotiating session keys at all? In any case, you can pump a heck of a lot of data through ssh in an hour. Based on that, it sure looks to me like every-64K is a ridiculously small setting. If we were to crank it up to a few meg, the performance issue would go away, and we'd not really need to think about changing to a time-based criterion. regards, tom lane