Chapter 11 Working with Secure Sockets Layer (SSL)

WHAT’S IN THIS CHAPTER?

Caching SSL sessions with session IDs or session tickets
Setting up an SSL endpoint in HAProxy, Nginx, or Apache
Understanding the performance impacts of key and certificate sizes, as well as cipher suites
Looking toward the future

Secure Sockets Layer (SSL) is the encryption method used to securely transmit data over HTTP, where it is often referred to as HTTPS. Widely used for e-commerce and webmail, the extra overhead involved in setting up the secure channel and encrypting/decrypting data can have an impact on performance — both on server load and responsiveness. In this chapter, you learn how to combat this through a variety of techniques.

The discussion here clarifies the distinction between SSL and Transport Layer Security (TLS), and helps you gauge how big of a performance penalty SSL incurs. You also learn about performance-related aspects of SSL, such as key size and intermediate certificates, as well as about enhancements such as session reuse, session tickets, and how these can work in multiserver environments.

NOTE The terms “SSL” and “TLS” are often used interchangeably, but they are not quite the same thing. The first public release of SSL was version 2.0 in 1995 and, in light of numerous security concerns, this was quickly followed by version 3.0 in 1996. TLS didn’t appear until 1999 and was designed as a replacement for SSL. Since then, there have been two revisions to TLS: version 1.1 ...

Get Professional Website Performance: Optimizing the Front-End and Back-End now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Professional Website Performance: Optimizing the Front-End and Back-End by Peter Smith

Chapter 11

Working with Secure Sockets Layer (SSL)

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly