[106179] in North American Network Operators' Group
Re: https
daemon@ATHENA.MIT.EDU (Sam Stickland)
Thu Jul 24 07:50:32 2008
Date: Thu, 24 Jul 2008 12:50:16 +0100
From: Sam Stickland <sam_mailinglists@spacething.org>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
In-Reply-To: <20080724040558.5b20e1c2@cs.columbia.edu>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Steven M. Bellovin wrote:
> As for CPU time -- remember that most web site visits are very short;
> this in turn means that you have to amortize the SSL setup expense over
> very few pages. I talked once with a competent system designer who
> really wanted to use https but couldn't -- his total system cost would
> have gone up by a factor of 10.
>
We handle the SSL decryption on the front-end load-balancers (hardware
assisted). For financial transactions the load-balancers also maintain
long-lived SSL connections to the webservers, that the decrypted data is
pipelined into. This avoids the expensive session setup and teardown on
the servers.
Sam
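
Added example, not part of the original message and not the poster's configuration: a software sketch of the arrangement described above, using nginx as the front end in place of a hardware load balancer. It terminates client TLS at the front end and reuses long-lived, certificate-verified TLS connections to the webservers, so the servers do not pay a handshake per request. All hostnames, addresses and file paths are placeholders.

```nginx
# Constructed example: addresses, names and paths below are placeholders.

upstream app_backend {
    server 10.0.0.11:443;
    server 10.0.0.12:443;

    # Keep idle connections to the webservers open (per worker process)
    # so each request reuses an established TLS session instead of
    # triggering a new handshake on the backend.
    keepalive 64;
    keepalive_timeout 300s;   # available in nginx 1.15.3 and later
}

server {
    listen 443 ssl;
    server_name www.example.com;

    # Client-facing TLS is terminated here.
    ssl_certificate     /etc/nginx/tls/www.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;

    # Session cache lets returning clients resume instead of doing a
    # full handshake, which matters when visits are only a few pages.
    ssl_session_cache   shared:SSL:20m;
    ssl_session_timeout 1h;

    location / {
        proxy_pass https://app_backend;

        # Both lines are required for upstream keepalive to take effect.
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;

        # Re-encrypting is only useful if the backend is authenticated;
        # nginx does not verify upstream certificates by default.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_name                app.internal.example;
        proxy_ssl_server_name         on;
        proxy_ssl_session_reuse       on;
    }
}
```

Decrypted traffic is visible on the front end in this design, so that host holds the public private key and needs the same access control and logging hygiene as the application servers.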