Chapter 11

Working with Secure Sockets Layer (SSL)

WHAT’S IN THIS CHAPTER?

  • Caching SSL sessions with session IDs or session tickets
  • Setting up an SSL endpoint in HAProxy, Nginx, or Apache
  • Understanding the performance impacts of key and certificate sizes, as well as cipher suites
  • Looking toward the future

Secure Sockets Layer (SSL) is the encryption protocol used to securely transmit data over HTTP, a combination often referred to as HTTPS. SSL is widely used for e-commerce and webmail, but the extra overhead involved in setting up the secure channel and encrypting/decrypting data can have an impact on performance, both on server load and on responsiveness. In this chapter, you learn how to combat this through a variety of techniques.

The discussion here clarifies the distinction between SSL and Transport Layer Security (TLS), and helps you gauge how big a performance penalty SSL incurs. You also learn about performance-related aspects of SSL, such as key size and intermediate certificates, as well as enhancements such as session reuse and session tickets, and how these can work in multiserver environments.

NOTE The terms “SSL” and “TLS” are often used interchangeably, but they are not quite the same thing. The first public release of SSL was version 2.0 in 1995 and, in light of numerous security concerns, this was quickly followed by version 3.0 in 1996. TLS didn’t appear until 1999 and was designed as a replacement for SSL. Since then, there have been two revisions to TLS: version 1.1 ...
