doc: remove statement about (EC)DHE performance
This statement is misleading in that it says "key generation is
expensive". ECDHE key generation (over the elliptic curves that are
commonly used for TLS) is insanely fast compared to most other types
of key generation.

This statement is irrelevant for TLS 1.3, which requires (EC)DHE.

Even if this statement is somewhat true for TLS 1.2, it does not
justify discouraging the use of (EC)DHE.

PR-URL: #41528
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
tniessen authored and BethGriggs committed Jan 24, 2022
1 parent 336c18d commit be63dc5
Showing 1 changed file with 0 additions and 3 deletions.
3 changes: 0 additions & 3 deletions doc/api/tls.md
Expand Up @@ -89,9 +89,6 @@ the character "E" appended to the traditional abbreviations):
* [ECDHE][]: An ephemeral version of the Elliptic Curve Diffie-Hellman
key-agreement protocol.

Ephemeral methods may have some performance drawbacks, because key generation
is expensive.

To use perfect forward secrecy using `DHE` with the `tls` module, it is required
to generate Diffie-Hellman parameters and specify them with the `dhparam`
option to [`tls.createSecureContext()`][]. The following illustrates the use of
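
Review bot: After the ECDHE list item, the section now goes straight to the `dhparam` setup for `DHE`, and nothing in the visible text says that TLS 1.3 requires (EC)DHE, which the commit message gives as a reason for the removal. Consider replacing the deleted sentence with one that states this, so the rationale lives in doc/api/tls.md rather than only in the commit log. The commit message also allows that the old claim may be "somewhat true for TLS 1.2"; if that refers to a specific case, a narrowly scoped note would serve readers better than silence.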