Mailing List Archive: Possible addition to the guide

Possible addition to the guide

matt at sergeant

Feb 17, 2000, 7:01 AM

Post #1 of 6 (1529 views)

In the section on KeepAlives, it's probably worth adding a note about how
its beneficial to use KeepAlive if you're using SSL, because the expense of
re-establishing SSL connections is much higher than ordinary connections.

--
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.

Re: Possible addition to the guide [ In reply to ]

gunther at extropia

Feb 17, 2000, 12:05 PM

Post #2 of 6 (1468 views)

It shouldn't be that much higher? Once the browser has gotten the symmetric
session id, it will be reused among subsequent HTTPS requests instead of doing
a key exchange all over again.

Matt Sergeant wrote:

> In the section on KeepAlives, it's probably worth adding a note about how
> its beneficial to use KeepAlive if you're using SSL, because the expense of
> re-establishing SSL connections is much higher than ordinary connections.
>
> --
> <Matt/>
>
> Details: FastNet Software Ltd - XML, Perl, Databases.
> Tagline: High Performance Web Solutions
> Web Sites: http://come.to/fastnet http://sergeant.org
> Available for Consultancy, Contracts and Training.

Re: Possible addition to the guide [ In reply to ]

khera at kciLink

Feb 17, 2000, 12:07 PM

Post #3 of 6 (1488 views)

>>>>> "GB" == Gunther Birznieks <gunther@extropia.com> writes:

GB> It shouldn't be that much higher? Once the browser has gotten the
GB> symmetric session id, it will be reused among subsequent HTTPS
GB> requests instead of doing a key exchange all over again.

You just need to make sure your SSL server caches those ids.
When this was implemented in stronghold, the performance really picked
up...

Re: Possible addition to the guide [ In reply to ]

sbekman at iname

Feb 20, 2000, 9:02 AM

Post #4 of 6 (1476 views)

> >>>>> "GB" == Gunther Birznieks <gunther@extropia.com> writes:
>
> GB> It shouldn't be that much higher? Once the browser has gotten the
> GB> symmetric session id, it will be reused among subsequent HTTPS
> GB> requests instead of doing a key exchange all over again.
>
> You just need to make sure your SSL server caches those ids.
> When this was implemented in stronghold, the performance really picked
> up...

Can someone post the details of the configuration, to make SSL server
cache those ids?

Thank you!

_______________________________________________________________________
Stas Bekman mailto:sbekman@iname.com http://www.stason.org/stas
Perl,CGI,Apache,Linux,Web,Java,PC http://www.stason.org/stas/TULARC
perl.apache.org modperl.sourcegarden.org perlmonth.com perl.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com

Re: Possible addition to the guide [ In reply to ]

khera at kciLink

Feb 21, 2000, 8:40 AM

Post #5 of 6 (1475 views)

>>>>> "SB" == Stas Bekman <sbekman@iname.com> writes:

SB> Can someone post the details of the configuration, to make SSL server
SB> cache those ids?

That would be server-dependent. I think stronghold does this by
default configuration. Can't say about any others.

Re: Possible addition to the guide [ In reply to ]

gunther at extropia

Feb 21, 2000, 9:23 AM

Post #6 of 6 (1482 views)

On Mon, 21 Feb 2000, Vivek Khera wrote:

> >>>>> "SB" == Stas Bekman <sbekman@iname.com> writes:
>
> SB> Can someone post the details of the configuration, to make SSL server
> SB> cache those ids?
>
> That would be server-dependent. I think stronghold does this by
> default configuration. Can't say about any others.
>
My understanding is that Ralf has had this for the last half year+ in
mod_ssl. I think it was first implemented using a dbm file for lookup
amongst the processes, and then more recently with mmap/ipc/sharedmem type
facilities. But don't quiz me on the details...