As seen in Chapter 7, "SSL/TLS," the computations required make SSL a resource-intensive protocol. This may impact the performance of your backend servers in a similar way to what was described in the previous section. One way to solve this issue is by having dedicated, optimized boxes running a reverse proxy with SSL support. The reverse proxy does all the heavy lifting, processing the SSL requests, maybe doing certificate-based authentication, and passing the requests as plain HTTP to the backend servers. The content is generated and returned to the reverse proxy, which performs the resource-intensive task of encrypting it. Since the SSL end-point is the reverse proxy, some information, such as certificate-related information, is lost and does not reach the backend server. How to do this is described in the next couple of sections. |