use SslAcceptor::mozilla_intermediate_v5

This allows TLSv1.3, and let the client select ciphers. After this change AES is prefered over chacha20, so TLS speed is now much faster.
2020-10-14 12:24:15 +02:00 · 2020-10-14 12:24:15 +02:00 · 62c74d7749
commit 62c74d7749
parent 254ec19412
2 changed files with 2 additions and 2 deletions
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@ -69,7 +69,7 @@ async fn run() -> Result<(), Error> {
    let key_path = configdir!("/proxy.key");
    let cert_path = configdir!("/proxy.pem");

-    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+    let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
    acceptor.set_private_key_file(key_path, SslFiletype::PEM)
        .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
    acceptor.set_certificate_chain_file(cert_path)
--- a/src/bin/proxmox_backup_client/benchmark.rs
+++ b/src/bin/proxmox_backup_client/benchmark.rs
@ -86,7 +86,7 @@ struct BenchmarkResult {
 static BENCHMARK_RESULT_2020_TOP: BenchmarkResult =  BenchmarkResult {
    tls: Speed {
        speed: None,
-        top: 1_000_000.0 * 690.0, // TLS to localhost, AMD Ryzen 7 2700X
+        top: 1_000_000.0 * 1235.0, // TLS to localhost, AMD Ryzen 7 2700X
    },
    sha256: Speed {
        speed: None,