3

Is it possible to set up a lighttpd server and a curl client so that both the client and the server verify each other's self-signed SSL certificate but the file is downloaded without SSL encryption?

How can I set this up?

MadHatter
jackhab
  • Are you sure that makes sense? CPU load is caused by asymmetric crypto, hardly by the symmetric encryption of the transfer. – Hauke Laging Apr 17 '13 at 12:07
  • We are running it on a relatively weak machine and we observe significant speed drops during transfers. – jackhab Apr 17 '13 at 15:25
  • Have you compared the speed drops with encrypted and unencrypted connections? Maybe HTTP digest authentication is the solution for you (avoiding the SSL handshake CPU load). I don't know whether lighttpd supports that, though. – Hauke Laging Apr 17 '13 at 15:30
  • @Hauke Laging: The speed drops from hundreds to tens of Mb/s. – jackhab Apr 17 '13 at 19:18

1 Answer

5

Technically, it's possible to specify the OpenSSL library not to use any encryption (SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA and similar) but it doesn't make any sense from a security point of view: that would make it wide open to a man-in-the-middle attack.

I checked the lighttpd documentation and it doesn't seem that you can pass it directly an OpenSSL cipher suite constant. You might want to try it, though.

Stephane
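An added example, not part of the original answer: a small lint that reads a lighttpd configuration and reports whether its OpenSSL cipher string can select the NULL-encryption suites discussed above, and whether client-certificate verification is switched on. It assumes the cipher string is set through lighttpd's `ssl.cipher-list` directive and client verification through `ssl.verifyclient.activate`; the sample configuration and its paths are constructed, and the check is a token-level heuristic rather than OpenSSL's full cipher-string expansion.

```python
import re

# Keywords that select suites without encryption in an OpenSSL cipher string.
NULL_KEYWORDS = {"eNULL", "NULL", "COMPLEMENTOFALL"}
SETTING = re.compile(r'^\s*(ssl\.[\w.-]+)\s*=\s*"([^"]*)"')

def selects_null(body):
    """True if one cipher-string item names NULL-encryption suites."""
    # "kRSA+eNULL" is an AND of selectors; NULL-SHA is an explicit suite name.
    return any(p in NULL_KEYWORDS or "NULL" in p.split("-")
               for p in body.split("+"))

def null_ciphers_enabled(cipher_string):
    """Walk the items in order, honouring the '!', '-' and '+' operators."""
    enabled = killed = False
    for item in re.split(r"[:, ]+", cipher_string.strip()):
        if not item or item.startswith("@"):   # skip @STRENGTH, @SECLEVEL=n
            continue
        op = item[0] if item[0] in "!-+" else ""
        if not selects_null(item[len(op):]):
            continue
        if op == "!":        # permanent removal, cannot be re-added later
            killed = True
        elif op == "-":      # removal that a later item may undo
            enabled = False
        elif op == "":       # plain item: adds the suites
            enabled = True
        # '+' only reorders suites that are already present
    return enabled and not killed

def audit_lighttpd(conf_text):
    """Return findings for the ssl.* directives in a lighttpd config."""
    matches = (SETTING.match(line) for line in conf_text.splitlines())
    settings = {m.group(1): m.group(2) for m in matches if m}
    findings = []
    if null_ciphers_enabled(settings.get("ssl.cipher-list", "")):
        findings.append("ssl.cipher-list allows NULL suites: payload unencrypted")
    if settings.get("ssl.verifyclient.activate") != "enable":
        findings.append("client certificate verification is not active")
    return findings

# Constructed sample: mutual certificate checks, but NULL-only cipher list.
SAMPLE_CONF = '''
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.ca-file = "/etc/lighttpd/client-ca.pem"
ssl.verifyclient.activate = "enable"
ssl.cipher-list = "NULL-SHA:NULL-MD5"
'''

if __name__ == "__main__":
    print(audit_lighttpd(SAMPLE_CONF))
```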