Displaying 1 result from an estimated 1 matches for "11m56s".
Did you mean:
1m56s
2015 Nov 04
1
ssl-params: slow startup (patch for consideration)
...problem (if ssl_parameters_regenerate=0 or if
Dovecot uses old parameters until regeneration finishes), but for cold
starts, the server can be tied up for a few minutes creating DH parameters
while clients queue up.
I ran "openssl dhparam 2048" and got wildly varying run times of 1m45s,
11m56s, 0.4s, 2m19s, 3h23s. Most of the time was spent testing primality
of candidate p *and* (p-1)/2 -- so called "safe prime". If you're
unlucky, this can take a long time.
However, it appears "safe" primes are not what they're cracked up to be
-- they offer some guarantee...