Deploying 4096-bit HTTPS on the Raspberry Pi 2 was a bad idea

Who would have thought, right? :-)

After installing my certificate from Let’s Encrypt last week I was immediately confronted with the fact that I had made the wrong choice in regard to key sizes. By using a 4096-bit private key I was relying too heavily on the RPi2’s CPU. This became abundantly clear as page load times were increased by 500 – 1000ms.

Anyhow, since there was no going back to plain old HTTP, I decided to “downgrade” to 2048-bit encryption instead. As shown on the comparison chart below, it gave me nearly a decrease of 80 percent on the SSL timeline.

HTTPS 4096-bit vs 2048-bit
rsa2048 / rsa4096 on the RPi2

$ openssl speed rsa2048 rsa4096
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.067450s 0.002018s     14.8    495.6
rsa 4096 bits 0.499048s 0.007788s      2.0    128.4

Based on those numbers, better get in line for your handshakes…