[lug] Raven SSL
Sean Reifschneider
jafo at tummy.com
Thu Jun 29 14:12:54 MDT 2000
On Thu, Jun 29, 2000 at 01:58:41PM -0600, Jef Vratny wrote:
>Anybody had performance issues with the Raven SSL mod and apache?
We've been working with a client on some Raven work. In particular,
they're using a hardware crypto accelerator which only the latest version
of Raven supports (the one released within the last week). I haven't
done any benchmarking though.
>Unning performance testing, and have come accross an odd problem. with SSL
>enabled perfomance slows by 10 to 20 times response times of apache without
>SSL. I know SSL adds extra overhead, but not of this magnatude. Any ideas
>would be appreciated.
An order of magnutude decrease in performance with SSL? Yeah, that
sounds about right... There's a HUGE increase in workload when doing
SSL -- instead of just shoving bits off to the network adapter, the
server now has to do rather complicated math on very large numbers, not
only on connection setup, but also on every byte passed across the
connection.
There's a reason why most sites *ONLY* encrypt the data which is most
important, instead of all of it. hotmail for example only does SSL
on a single page submit which contains your password information.
The CryptoSwift cards aren't cheap, but they are meant to address exactly
this problem.
Sean
--
Whenever possible, steal code.
-- Tom Duff
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
More information about the LUG
mailing list