Deploying 4096-bit HTTPS on the Raspberry Pi 2 was a bad idea
Who would have thought, right? :-)
After installing my certificate from Let’s Encrypt last week I was immediately confronted with the fact that I had made the wrong choice in regard to key sizes. By using a 4096-bit private key I was relying too heavily on the RPi2’s CPU. This became abundantly clear as page load times were increased by 500 – 1000ms.
Anyhow, since there was no going back to plain old HTTP, I decided to “downgrade” to 2048-bit encryption instead. As shown on the comparison chart below, it gave me nearly a decrease of 80 percent on the SSL timeline.
rsa2048 / rsa4096 on the RPi2 $ openssl speed rsa2048 rsa4096 sign verify sign/s verify/s rsa 2048 bits 0.067450s 0.002018s 14.8 495.6 rsa 4096 bits 0.499048s 0.007788s 2.0 128.4
Based on those numbers, better get in line for your handshakes…