Jump to content
Not connected, Your IP: 3.230.143.40
go558a83nk

stunnel cipher options for CPU conservation

Recommended Posts

I'm running stunnel 5.14 with openssl 1.0.2a on my router.  It seems the cipher that's negotiated is probably a little stronger than it needs to be (ECDHE-RSA-AES256-GCM-SHA384).  The config, AirVPN*.ssl, only has a NO_SSLv2 option which is fine, of course.  But, are there any other options I can input that will get stunnel to negotiate a cipher suite that's less CPU intensive?

 

thanks for the help

Share this post


Link to post

Thanks. I'd love to hear from staff an answer to my actual question.   I can pull 50mbit/s with my setup but just trying to get every bit I can.

Share this post


Link to post

Hello!

 

Since our servers will accept a variety of ciphers for SSL this is possible by configuring stunnel. However, configuring parameters for stunnel is currently not implemented in Eddie. Please see for example:

https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html

 

Anyway, you probably don't need to bother about that. Nowadays computer CPUs are so powerful that they are not loaded at capacity by the current stunnel and OpenVPN ciphers you're using (well, it also depends on how much load they have from other tasks...).

 

Kind regards

Share this post


Link to post

Hello!

 

Since our servers will accept a variety of ciphers for SSL this is possible by configuring stunnel. However, configuring parameters for stunnel is currently not implemented in Eddie. Please see for example:

https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html

 

Anyway, you probably don't need to bother about that. Nowadays computer CPUs are so powerful that they are not loaded at capacity by the current stunnel and OpenVPN ciphers you're using (well, it also depends on how much load they have from other tasks...).

 

Kind regards

 

Please re-read my post.  I'm using stunnel on my router.

 

edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.

Share this post


Link to post

 

Please re-read my post.  I'm using stunnel on my router. :)

 

edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.

 

Ok, great! What is your firmware? Did you compile stunnel by yourself for your router or is it an already available version?

 

Kind regards

Share this post


Link to post

 

 

Please re-read my post.  I'm using stunnel on my router.

 

edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.

 

Ok, great! What is your firmware? Did you compile stunnel by yourself for your router or is it an already available version?

 

Kind regards

 

merlin asus 378.51 on AC68 with entware-arm installed.  stunnel is available in the entware-arm repository.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...