https
Sam Stickland
sam_mailinglists at spacething.org
Thu Jul 24 11:50:16 UTC 2008
Steven M. Bellovin wrote:
> As for CPU time -- remember that most web site visits are very short;
> this in turn means that you have to amortize the SSL setup expense over
> very few pages. I talked once with a competent system designer who
> really wanted to use https but couldn't -- his total system cost would
> have gone up by a factor of 10.
>
We handle the SSL decryption on the front-end load-balancers (hardware
assisted). For financial transactions the load-balancers also maintain
long-lived SSL connections to the webservers, that the decrypted data is
pipelined into. This avoids the expensive session setup and teardown on
the servers.
Sam
More information about the NANOG
mailing list