101 · Question #579
An administrator is updating private keys used for SSL encryption from 1024 to 2048 bits. Which possible effect should the administrator consider when performing this activity?
The correct answer is A. The larger Key size will increase processing requirements. Doubling the RSA private key size from 1024 to 2048 bits significantly increases the computational load required for SSL/TLS handshake operations.
Question
An administrator is updating private keys used for SSL encryption from 1024 to 2048 bits. Which possible effect should the administrator consider when performing this activity?
Options
- AThe larger Key size will increase processing requirements
- BSome hardware will NOT support the 2048 key
- CSome certificate authorities will NOT support the 2048 key
- DThe larger key sire will increase private key installation complexity
How the community answered
(24 responses)- A88% (21)
- B4% (1)
- C4% (1)
- D4% (1)
Why each option
Doubling the RSA private key size from 1024 to 2048 bits significantly increases the computational load required for SSL/TLS handshake operations.
RSA encryption and decryption operations scale non-linearly with key length - a 2048-bit key requires substantially more CPU cycles per operation than a 1024-bit key. On high-traffic systems such as a BIG-IP load balancer handling many simultaneous TLS handshakes, this increased processing overhead can reduce throughput and increase latency. Administrators should account for this when planning key upgrades, potentially requiring hardware offloading or capacity adjustments.
Modern hardware and software stacks broadly support 2048-bit RSA keys, which have been the industry standard for many years and are not a compatibility concern.
Major certificate authorities not only support 2048-bit keys but have deprecated 1024-bit keys and require a minimum of 2048 bits for issued certificates.
The process of installing a private key is the same regardless of key length and does not become meaningfully more complex at 2048 bits.
Concept tested: SSL/TLS key size impact on processing overhead
Source: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-13-0-0/4.html
Topics
Community Discussion
No community discussion yet for this question.