Re: Speed of SSL connections; cost of renegotiation

Sean Chittenden <sean@chittenden.org> writes:
>> From sshd(8):

>      -k key_gen_time
>              Specifies how often the ephemeral protocol version 1 server key
>              is regenerated (default 3600 seconds, or one hour).

Hmmm.  But a server key isn't the same as a session key, is it?  Is this
an argument for renegotiating session keys at all?

In any case, you can pump a heck of a lot of data through ssh in an
hour.  Based on that, it sure looks to me like every-64K is a
ridiculously small setting.  If we were to crank it up to a few meg, the
performance issue would go away, and we'd not really need to think about
changing to a time-based criterion.
        regards, tom lane