On Oct 13, 2009 at 12:57, Henning Westerholt <henning.westerholt(a)1und1.de> wrote:
On Saturday, 10 October 2009, Olle E. Johansson wrote:
"
Try to avoid using keys larger than 1024 bytes. Large keys
significantly slow down the TLS connection handshake, thus limiting
the maximum SIP-router TLS connection rate.
"
Is this still a valid recommendation? Based on which size of CPU/system?
Hi Olle,
I'd think that today we should suggest a larger key. I've found this page:
http://www.keylength.com/en/compare/
according to it newer sources suggest a value of at least 1536 bits for
asymmetric keys.
IMHO 1024 keys are more than enough for normal SIP traffic.
The recommendation of using smaller keys is still valid. Even on modern
systems encryption will eat a lot of CPU, and if you need to support
several hundred encrypted connections at the same time you'll quickly
run into problems.
Andrei
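
Added example, not part of the original thread: a rough way to put numbers on the trade-off discussed above by timing the modular exponentiation that dominates a server's RSA private-key operation in a TLS handshake, at 1024, 1536 and 2048 bits. The helper names and the constructed stand-in keys are assumptions of this sketch; real TLS stacks use CRT and optimized bignum code, so only the ratios between sizes carry over, not the absolute figures.

```python
import secrets
import time

def fake_rsa_params(bits):
    """Constructed stand-in for an RSA private key: a random odd modulus and
    a full-length private exponent. Not a real key (n is not a product of two
    primes), but pow(m, d, n) costs the same as a non-CRT RSA private-key
    operation of that size."""
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    d = secrets.randbits(bits) | (1 << (bits - 1))
    return n, d

def private_op_seconds(bits, rounds=20):
    """Average wall-clock time of one private-key-sized modular exponentiation."""
    n, d = fake_rsa_params(bits)
    msgs = [secrets.randbelow(n) for _ in range(rounds)]
    start = time.perf_counter()
    for m in msgs:
        pow(m, d, n)
    return (time.perf_counter() - start) / rounds

def compare(sizes=(1024, 1536, 2048)):
    """Return {bits: (seconds_per_op, ops_per_second_on_one_core)}."""
    results = {}
    for bits in sizes:
        t = private_op_seconds(bits)
        results[bits] = (t, 1.0 / t)
    return results

if __name__ == "__main__":
    res = compare()
    base = res[1024][0]
    for bits, (t, rate) in res.items():
        print(f"{bits:5d} bits: {t * 1e3:7.3f} ms/op, "
              f"~{rate:8.0f} ops/s per core, {t / base:4.1f}x the 1024-bit cost")
```

The ops/s column is an upper bound on new handshakes per second per core for that key size under this model; established connections use symmetric crypto and are not affected by the key length.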