Securing a Website with TLS

TLS uses X.509 certificates and asymmetric (public/private) key cryptography to establish the identity of the server (or client) and, subsequently, symmetric encryption to carry traffic securely between the client and server. A handshake between the server and client is used to set up a secure session between the two machines. If at any point during the handshake a failure occurs, then either the session is not established or, in the case of recoverable errors, the user is warned of a potential issue and must manually choose to continue with the establishment of the session.
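The two phases described above, the certificate-based identity check and the switch to symmetric encryption, and the "failure means no session" rule can be seen end to end with Go's standard crypto/tls package. The following is an added example, not code from the book or from IIS: it generates a self-signed certificate for the constructed host name www.example.test, runs a server on the loopback interface, and connects a client twice, once with the certificate in its trust store and once without. The listener address, the banner text and the five-second deadlines are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"time"
)

// handshakeResult records what the client learned once the handshake finished.
type handshakeResult struct {
	Version     uint16 // negotiated protocol version (0x0303 = TLS 1.2, 0x0304 = TLS 1.3)
	CipherSuite uint16 // negotiated cipher suite used for the symmetric phase
	PeerCN      string // CommonName of the X.509 certificate the server presented
	Banner      string // application data received under symmetric encryption
}

// selfSignedCert builds a throwaway ECDSA key pair and a self-signed X.509
// certificate for host. Constructed test material standing in for a CA-issued cert.
func selfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // the SAN is what clients match against
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed, so it also serves as its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// runHandshake starts a TLS server on loopback, connects a client to it and
// returns what the client learned. trustServer controls whether the server's
// certificate is in the client's trust store; without it, server authentication
// fails and no session is established.
func runHandshake(host string, trustServer bool) (*handshakeResult, error) {
	serverCert, leaf, err := selfSignedCert(host)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	if trustServer {
		roots.AddCert(leaf)
	}
	serverCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS12}
	clientCfg := &tls.Config{RootCAs: roots, ServerName: host, MinVersion: tls.VersionTLS12}

	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg) // assumed: loopback is available
	if err != nil {
		return nil, err
	}
	defer ln.Close()

	const banner = "session established\n"
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		// The server side of the handshake runs on this first Write; the banner
		// is only sent (encrypted) if the handshake completed.
		io.WriteString(conn, banner)
	}()

	// tls.Dial performs the client side of the handshake: certificate chain
	// verification against roots plus the host name check against ServerName.
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return nil, fmt.Errorf("handshake failed, no session: %w", err)
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))

	got, err := io.ReadAll(conn) // symmetric phase: read until the server's close_notify
	if err != nil {
		return nil, err
	}
	st := conn.ConnectionState()
	return &handshakeResult{
		Version:     st.Version,
		CipherSuite: st.CipherSuite,
		PeerCN:      st.PeerCertificates[0].Subject.CommonName,
		Banner:      string(got),
	}, nil
}

// untrustedServer reports whether a handshake error was the client refusing a
// server certificate that chains to no trusted root.
func untrustedServer(err error) bool {
	var e x509.UnknownAuthorityError
	return errors.As(err, &e)
}

func main() {
	host := "www.example.test" // constructed name; the certificate is issued for it
	res, err := runHandshake(host, true)
	if err != nil {
		panic(err)
	}
	fmt.Printf("trusted: version=%#04x suite=%#04x peer=%q data=%q\n",
		res.Version, res.CipherSuite, res.PeerCN, res.Banner)
	_, err = runHandshake(host, false)
	fmt.Printf("untrusted: %v (unknown authority: %t)\n", err, untrustedServer(err))
}
```

The second run is the unrecoverable-failure case from the paragraph above: a client that cannot chain the server's certificate to a trusted root aborts during the handshake, so no symmetric session key is ever derived and no application data is exchanged. A browser would instead surface this as the interstitial warning the text mentions; a non-interactive client such as this one simply refuses.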

Note
Since Windows Server 2003 SP1, administrators have been able to use kernel mode SSL, using functionality provided by ksecdd.sys. This significantly cuts the processing overhead involved in negotiating an SSL/TLS connection and in maintaining it during the session. When using kernel mode SSL/TLS, the overhead is approximately 10 percent of capacity to service requests. Because the SSL/TLS handshake process is far more computationally intensive than the communication afterward, the greater the number of short sessions, the greater the impact on a server's performance.

The SSL/TLS Handshake

The process by which a client and a server establish a secure connection is known as the SSL/TLS handshake. The handshake involves the verification of the server's identity (authentication) by the client, as well as a mutual agreement between the client and server as to what encryption ...
