Deploying 4096-bit HTTPS on the Raspberry Pi 2 was a bad idea

Who would have thought, right? :-)

After installing my certificate from Let’s Encrypt last week I was immediately confronted with the fact that I had made the wrong choice in regard to key sizes. By using a 4096-bit private key I was relying too heavily on the RPi2’s CPU. This became abundantly clear as page load times were increased by 500 – 1000ms.

Anyhow, since there was no going back to plain old HTTP, I decided to “downgrade” to 2048-bit encryption instead. As shown on the comparison chart below, it gave me nearly a decrease of 80 percent on the SSL timeline.

HTTPS 4096-bit vs 2048-bit
rsa2048 / rsa4096 on the RPi2

$ openssl speed rsa2048 rsa4096
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.067450s 0.002018s     14.8    495.6
rsa 4096 bits 0.499048s 0.007788s      2.0    128.4

Based on those numbers, better get in line for your handshakes…

Roger Comply avatar
Roger Comply
Thank you for reading!
Feel free to waste more time by subscribing to my RSS feed.