February 26th, 2013 09:00

Slow HTTPS management access on M6220 and M8024

Hi,

We have a few M6220s and M8024s running the latest 5.x firmware version.

We've set up the HTTPS management access on them using a 2048 bit self-signed certificate, but the HTTPS interface is very slow; it's barely usable and it's much slower than the HTTP interface.

We're using the HTTPS interface using a 1024 bit self-signed certificate on a couple of 6248s running the latest 3.x firmware and it's much faster than on the M6220s and M8024s.

Any ideas on how to solve the problem?

Thanks.

802 Posts

February 26th, 2013 09:00

Are you getting the same performance when using the 1024 bit, or is it just when configured for 2048 on the M6220s and M8024s that you have the slow connection?

I will have to ask around and see what information I can pull up on the different encryption levels.

108 Posts

February 26th, 2013 10:00

Hi Willy,

Unfortunately we cannot replace the existing 2048 bit certificates with 1024 bit certificates at the moment, but it would be great if you managed to find some information about any performance differences.

If that was the issue, it would be weird: 2048 bit certificates are very common today (1024 bit certificates are not recommended anymore) and HTTPS sites running with 2048 certificates perform very well.

Thanks.

802 Posts

February 26th, 2013 15:00

What browser are you using to connect? Are you seeing the same results from different browsers?

802 Posts

February 26th, 2013 17:00

We have been able to replicate the situation in our lab. We are submitting it for resolution. I do not have an ETA as to when it will be addressed.

Thanks for letting us know.

108 Posts

February 27th, 2013 00:00

Hi Willy,

Thanks for the reply.

Is the issue only affecting 2048 bit certificates?

If 1024 bit certificates are not affected, we may make a temporary exception to our security policy.

Thanks.

802 Posts

February 27th, 2013 09:00

From what I understand, the 2048 bit certificate is taxing the CPU of the switch trying to process the larger certificate size while the switch is under a heavy load. If you need to have a secure connection to manage the switch, you may want to consider the 1024 bit default as a temporary solution.

108 Posts

March 1st, 2013 06:00

Hi Willy,

Our M6220s/M8024s are not under heavy load at all; some of them are not handling traffic other than the management access, and HTTPS access to them is very slow anyway.

Could the 2048 bit certificates be causing the issue even if there is no other load on the switches?

Thanks.

802 Posts

March 1st, 2013 07:00

Yes, that is possible. We saw a spike in the CPU activity on one of our lab switches that has no load at all.

We have submitted a ticket up to the top level switch engineers. They will take a look at what options there are for a resolution.

Sorry for the trouble.

108 Posts

March 4th, 2013 09:00

Hi Willy,

We replaced the 2048 bit self-signed certificates with 1024 bit ones on our M6220s/M8024s and unfortunately the HTTPS access is still very slow.

Any suggestions? Is it a bug?

Thanks.

802 Posts

March 4th, 2013 15:00

Pzero,

I went back to our support group and they are seeing a spike in the CPU when using the 1024 bit certificates also. All this information has been documented in a case and will be submitted to the upper level engineers for resolution.

I apologize for stating that this was not the case.  At that time we did not receive a negative response at the 1024 level.
