List:       apache-ssl
Subject:    Re: [apache-ssl] SSL v. non-SSL performance
From:       Chris French <chris () opengroup ! org>
Date:       2003-09-30 9:04:07

Thanks Ben.

Feedback to my request also suggested a single webserver supporting both
ports and just disabling SSL for port 80.
Then if I redirect requests where the REMOTE_USER variable is set to the 
SSL port I guess that would do the trick.
Then we optimise it by creating direct links to https: at all the 'usual' 
explicit places where a login is required and the redirect catches the rest.


> > Currently we run two web servers, non-SSL and SSL, on the one
> > machine/website.
> > We use the standard Apache for 99% of web accesses and explicitly switch
> > people over to the SSL server (port 443) only if we want to request
> > sensitive data, like Credit Cards.
> > 
> > I've been asked to look at enforcing use of the SSL server for all
> > requests that need authentication.
> > 
> > One way would be to switch over the whole web to the SSL variant - has
> > anyone data to show if there would be a significant performance hit if
> > we were to use the SSL Apache for ALL accesses, whether needing
> > authentication or not.
> > This assumes we were to configure Start/Min/Max servers (and similar
> > config items)  the same as on the current server.
> > We would also need a way to redirect all http://xxx requests to
> > https://xxx   The Redirect directive would do it but at a performance
> > cost to the user.
> > 
> > Any views/other ideas gratefully received.
> 
> The bottom line is that yes: starting an SSL connection is significantly
> more expensive than a plain one. Running one doesn't cost much, it's the
> startup that hurts (and session key change, of course). So, without
> quantifying how many connections you get, I can't say much more.
> 
> As for the redirect issue, I can't think of another way to do it (apart
> from giving out the right URL in the first place) so the cost is academic.
> 
> Cheers,
> 
> Ben.
> 
> -- 
> http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
> 

-- 

best regards, 

Chris

----------------------------------------------------------------------------
Chris French                                                  The Open Group
Database Administrator                              Apex Plaza, Forbury Road
EMail: c.french@opengroup.org                      Reading, England, RG1 1AX
Tel: +44 118 902 3042                             
Fax: +44 118 950 0110                               http://www.opengroup.org
----------------------------------------------------------------------------
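
The single-server layout discussed in this message, as an added configuration example that is not part of the original thread. It assumes Apache httpd 2.4 with mod_ssl, mod_alias, mod_auth_basic, mod_authn_file and mod_socache_shmcb loaded; the host name, the /members path and all file locations are placeholders. It redirects by path rather than on REMOTE_USER, because that variable is set only after the client has already authenticated on the connection in use.

```apache
# Added example, not from the thread. Host name, paths and certificate
# files are placeholders; adjust to the real site.

Listen 80
Listen 443

# SSL connection startup is the expensive part, so let clients resume
# sessions instead of repeating the full handshake (server-wide setting).
SSLSessionCache        "shmcb:logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<Directory "/var/www/site">
    Require all granted
</Directory>

# Port 80: SSL off, public content only.
<VirtualHost *:80>
    ServerName   www.example.org
    DocumentRoot "/var/www/site"

    # Send the protected area to the SSL port before any authentication
    # challenge is issued, so credentials are never requested in clear.
    Redirect permanent "/members" "https://www.example.org/members"
</VirtualHost>

# Port 443: same document tree, SSL on.
<VirtualHost *:443>
    ServerName   www.example.org
    DocumentRoot "/var/www/site"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/www.example.org.crt"
    SSLCertificateKeyFile "/etc/ssl/private/www.example.org.key"

    <Location "/members">
        # Refuse this path outright if it is ever reached without SSL,
        # e.g. after a later configuration change.
        SSLRequireSSL
        AuthType          Basic
        AuthName          "Members"
        AuthBasicProvider file
        AuthUserFile      "/etc/apache2/htpasswd"
        Require           valid-user
    </Location>
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload.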