LoadMaster support for 4k / 4096 bit SSL certificates

The LoadMaster currently supports key sizes higher than 2048 bit. However, increasing the key size reduces the SSL Transactions Per Second (TPS) performance non-linearly. That means that performance with a 4096 bit key will drop substantially (by at least a power of four) compared to a 2048 bit key. In order to achieve the same performance with larger keys, more powerful hardware will be needed.

However, as indicated by the National Institute of Standards and Technology (NIST) (page 66); 2048 bit keys have a security lifetime until 2030. (RSA keys are under the heading IFC in Table 4) In paragraph 2 on page 65, the document discusses the need for security vs. impact on operations:

"In many cases, a variety of key sizes may be available for an algorithm. For some of the algorithms (e.g., public key algorithms, such as RSA), the use of larger key sizes than are required may impact operations, e.g., larger keys may take longer to generate or longer to process the data. However, the use of key sizes that are too small may not provide adequate security."

Was this article helpful?

0 out of 0 found this helpful

Comments