[sr-dev] TLS key recommendation
Andrei Pelinescu-Onciul
andrei at iptel.org
Tue Oct 13 13:23:45 CEST 2009
On Oct 13, 2009 at 12:57, Henning Westerholt <henning.westerholt at 1und1.de> wrote:
> On Saturday, 10 October 2009, Olle E. Johansson wrote:
> > "
> > Try to avoid using keys larger than 1024 bytes. Large keys
> > significantly slow down the TLS connection handshake, thus limiting
> > the maximum SIP-router TLS connection rate.
> > "
> >
> > Is this still a valid recommendation? Based on which size of CPU/system?
>
> Hi Olle,
>
> I'd think that today we should suggest a larger key. I've found this page:
> http://www.keylength.com/en/compare/
>
> According to it, newer sources suggest a value of at least 1536 bits for
> asymmetric keys.
IMHO 1024 keys are more than enough for normal SIP traffic.
The recommendation of using smaller keys is still valid. Even on modern
systems encryption will eat a lot of CPU, and if you need to support
several hundred encrypted connections at the same time you'll quickly
run into problems.
Andrei
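
The CPU-versus-key-size trade-off argued in this thread can be measured, shown here as an added example that is not part of the original message or of the SIP-router code. It times the modular exponentiation that dominates the server's RSA private-key operation in a handshake, at the 1024-, 1536- and 2048-bit sizes mentioned above. Assumptions: operands are constructed random values rather than real keys (the cost depends on operand size), and a real TLS library uses CRT and optimized arithmetic, so only the relative scaling carries over.

```python
import secrets
import time


def private_op_seconds(bits, rounds=5, reps=20):
    """Best-of-`rounds` average time of one modexp with `bits`-bit operands."""
    # Constructed operands: odd modulus with the top bit set, full-size
    # exponent (like an RSA private exponent), message below the modulus.
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    d = secrets.randbits(bits) | (1 << (bits - 1))
    m = secrets.randbits(bits - 1)
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        for _ in range(reps):
            pow(m, d, n)
        # Keep the fastest round to reduce scheduler noise.
        best = min(best, (time.perf_counter() - start) / reps)
    return best


def compare(sizes=(1024, 1536, 2048)):
    """Map key size -> (seconds per op, cost relative to first size, ops/s)."""
    timings = {bits: private_op_seconds(bits) for bits in sizes}
    base = timings[sizes[0]]
    return {bits: (t, t / base, 1.0 / t) for bits, t in timings.items()}


if __name__ == "__main__":
    for bits, (secs, ratio, rate) in compare().items():
        print(f"{bits:5d} bits: {secs * 1e3:8.3f} ms/op  "
              f"{ratio:5.1f}x  ~{rate:8.0f} ops/s per core")
```

The ops/s column is an upper bound on new handshakes per second per core for that key size in this unoptimized model; compare the ratios, not the absolute figures.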