24 Jul
2008
24 Jul
'08
7:50 a.m.
Steven M. Bellovin wrote:
As for CPU time -- remember that most web site visits are very short; this in turn means that you have to amortize the SSL setup expense over very few pages. I talked once with a competent system designer who really wanted to use https but couldn't -- his total system cost would have gone up by a factor of 10.
We handle the SSL decryption on the front-end load-balancers (hardware assisted). For financial transactions the load-balancers also maintain long-lived SSL connections to the webservers, that the decrypted data is pipelined into. This avoids the expensive session setup and teardown on the servers. Sam