Prime calculation for OpenSSL just goes on


#1

Doing ./setup_discourse.

Got message:

I, [2016-12-22T13:11:02.252563 #13]  INFO -- : > mkdir -p /shared/ssl/
I, [2016-12-22T13:11:02.255731 #13]  INFO -- : 
I, [2016-12-22T13:11:02.256394 #13]  INFO -- : > [ -e /shared/ssl/dhparams.pem ] || openssl dhparam -out /shared/ssl/dhparams.pem 4096
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time

And then I started getting dots and plusses. So I guess it’s generating a prime, but the Discourse install said that it’ll take 2-8 minutes to bootstrap and I’m running at 30 minutes now… Is this a bug or intended? If the latter, should it be noted in the installation guidelines…

In computer stats, it says that openssl is taking 92.87% of cpu.


2048 bit Diffie-Hellman Params are too weak
(Rafael dos Santos Silva) #2

This was changed last week or so; we are using stronger DH, so it will take a little longer.


#3

Thanks! Any idea how long? A suggestion to add it here:

It says:

This will generate an app.yml configuration file on your behalf, and then kicks off bootstrap. Bootstrapping takes between 2-8 minutes to set up your Discourse.


It’s done now… Approx. 40-50 minutes.


(Rafael dos Santos Silva) #4

This will vary a lot depending on the hardware of the provider, and how much load the host machine has.


(Blake Erickson) #5

I did this a few days ago on a 1GB DigitalOcean box and it took several hours, but it did finish.


#6

Also 1GB DO-box for me, but only approx. 40 minutes.


(Jeff Atwood) #7

If it is taking several hours on DigitalOcean – or 40 minutes – I think we went too far here @falco – this is bad.


(Rafael dos Santos Silva) #8

Reverted back to 2048, since 4096 is 16x slower on average

time openssl dhparam -out /shared/ssl/dhparams.pem 2048
real    0m35.631s
user    0m35.352s
sys     0m0.068s

time openssl dhparam -out /shared/ssl/dhparams.pem 4096
real    48m55.420s
user    48m44.788s
sys     0m2.920s
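
Why the run time varies and grows so steeply with size, as an added example that is not part of the original thread or of Discourse's or OpenSSL's code: the "safe prime" in the log is a prime p = 2q + 1 where q is also prime, so a random search rejects almost every candidate. This Python example uses a plain Miller-Rabin test (an assumption; OpenSSL's own search is more optimised), and all function names are hypothetical.

```python
import random

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]

def is_probable_prime(n, rounds=24, rng=random):
    """Miller-Rabin probabilistic primality test with trial division first."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(bits, rng):
    """Return (p, candidates_tried) where p and (p - 1) // 2 are both prime."""
    tried = 0
    while True:
        # Random odd q with its top bit set, so p = 2q + 1 is exactly `bits` long.
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        tried += 1
        p = 2 * q + 1
        # Both q and p must pass; this double condition is what makes safe
        # primes far rarer than ordinary primes of the same size.
        if is_probable_prime(q, rng=rng) and is_probable_prime(p, rng=rng):
            return p, tried

def average_candidates(bits, samples=5, seed=1):
    """Mean number of candidates examined per safe prime (constructed run)."""
    rng = random.Random(seed)
    return sum(find_safe_prime(bits, rng)[1] for _ in range(samples)) / samples

if __name__ == "__main__":
    for bits in (64, 128, 256):
        print(bits, "bits:", average_candidates(bits), "candidates on average")
```

The number of rejected candidates differs from run to run, which is one reason the same command can finish at very different times on similar machines.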

(Jeff Atwood) #9