projects / openwrt / staging / hauke.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 16c112d) | patch
uhttpd: Use elliptic curve keys by default tls
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 2 Jun 2018 20:31:28 +0000 (22:31 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 20 Oct 2018 17:01:47 +0000 (19:01 +0200)
commit9809e978afd4adb03bbd9569b439a585f040ccf8
tree816f685bbb1e7f436f7edcbd041298834b305e30tree | snapshot
parent16c112db0075ba6cbb3f4aa2f792f6abc8d72a8bcommit | diff
uhttpd: Use elliptic curve keys by default

Instead of generating a RSA key pair generate an elliptic curve key pair
by default. Elliptic curve signatures are much faster than RSA
signatures with mbedtls on MIPS BE hardware.

I measured these numbers with mbedtls 2.9.0 on a Lantiq xrx200 SoC with
a 500 MHz MIPS BE CPU:
 * RSA-2048                 :  143.700000  public/s
 * RSA-2048                 :  1.300000 private/s

 * ECDSA-secp384r1          :  7.600000 verify/s
 * ECDSA-secp384r1          :  27.900000 sign/s
 * ECDSA-secp256r1          :  12.300000 verify/s
 * ECDSA-secp256r1          :  41.000000 sign/s
 * ECDSA-secp256k1          :  11.400000 verify/s
 * ECDSA-secp256k1          :  39.000000 sign/s

The TLS server needs one signature or public key operation per
handshake.

ECDSA keys are support by all modern browsers starting with:
 * Internet Explorer 7
 * Firefox 2
 * Opera 8 (with TLS 1.1 enabled)
 * Google Chrome v5.0.342.0
 * Safari 2.1
 * Mobile Safari for iOS 4.0
 * Android 3.0 (Honeycomb) and later
 * Windows Phone 7
Source: https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-Cloudflare-s-SSL-certificates-

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/network/services/uhttpd/files/uhttpd.init diff | blob | history
Hauke Mehrtens staging tree