Working with Secure Sockets Layer (SSL)
WHAT’S IN THIS CHAPTER?
- Caching SSL sessions with session IDs or session tickets
- Setting up an SSL endpoint in HAProxy, Nginx, or Apache
- Understanding the performance impacts of key and certificate sizes, as well as cipher suites
- Looking toward the future
Secure Sockets Layer (SSL) is the encryption method used to securely transmit data over HTTP, where it is often referred to as HTTPS. Widely used for e-commerce and webmail, the extra overhead involved in setting up the secure channel and encrypting/decrypting data can have an impact on performance — both on server load and responsiveness. In this chapter, you learn how to combat this through a variety of techniques.
The discussion here clarifies the distinction between SSL and Transport Layer Security (TLS), and helps you gauge how big of a performance penalty SSL incurs. You also learn about performance-related aspects of SSL, such as key size and intermediate certificates, as well as about enhancements such as session reuse, session tickets, and how these can work in multiserver environments.