Improving SSL Performance


The algorithms involved in SSL are CPU-intensive and may slow down your server significantly, especially if you have many simultaneous client connections. The handshake phase can also impose a delay in the request. There are a number of options you can consider to improve the responsiveness of your site.

Make sure you have enabled session caching. This will speed up multiple connections from the same client. If you are using a cluster of SSL servers, you may want to use distcache, so the connection data can be cached even if the client connects to multiple servers in the cluster. Apache 2.2 includes support for distcache out of the box. You can learn more about this project at http://www.distcache.org.
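To confirm that session caching is actually taking effect, you can count full versus resumed handshakes in the output of the OpenSSL command-line client. The following script is an added example, not code from the book; it assumes `openssl` is installed, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): measure session resumption from the
# output of `openssl s_client -reconnect`, which prints one "New, ..." line
# per full handshake and one "Reused, ..." line per resumed session.

# Read s_client output on stdin; print "<full handshakes> <resumed>".
count_handshakes() {
    awk '/^New, /    { n++ }
         /^Reused, / { r++ }
         END         { printf "%d %d\n", n, r }'
}

# Exit status 0 if at least one reconnect resumed the session.
resumption_works() {
    [ "$(count_handshakes | cut -d" " -f2)" -gt 0 ]
}

# Live check against your own server. -reconnect makes one connection and
# then reconnects 5 times with the same session; -no_ticket asks the server
# not to use session tickets, so a resumption has to come from its cache.
check_server() {
    openssl s_client -connect "$1:${2:-443}" -reconnect -no_ticket \
        </dev/null 2>/dev/null | count_handshakes
}

# Constructed sample output (cipher names are illustrative).
SAMPLE_CACHED='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'
SAMPLE_UNCACHED='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'

# Offline demonstration on the constructed samples.
printf 'cache on : %s\n' "$(printf '%s\n' "$SAMPLE_CACHED" | count_handshakes)"
printf 'cache off: %s\n' "$(printf '%s\n' "$SAMPLE_UNCACHED" | count_handshakes)"
```

Against a cluster, run `check_server` several times through the load balancer: a result of all full handshakes suggests the reconnects are landing on nodes that do not share a session cache.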

Consider having a dedicated machine just for SSL processing. Depending on your needs, this may be a commercial hardware load balancer or a dedicated machine running a reverse proxy (a web server that relays requests to other web servers on behalf of the client). This allows for optimizations in the Apache and OS configuration that would not be possible if the machine were also serving other purposes, such as running PHP, Tomcat, and MySQL. A reverse proxy can provide additional benefits such as load-balancing and single sign-on, possibly using client certificates, across a number of backend websites. See Chapter 10 for details.

Finally, you can install a crypto-card, a piece of hardware designed to offload most of the SSL processing from the server. Apache 2.2 provides support for this functionality; take a look at the SSLCryptoDevice directive.




Apache Phrasebook: Essential Code and Commands
ISBN: 0672328364
Year: 2006
Pages: 254