On 3. februar 2000 19:49 Tom Mornini wrote:
> 2) Better scalability. I've head (but never benchmarked) that SSL in
> general is 100 times more processor intensive than non-ssl
> connections.
That would have to be if you didn't cache session keys and had to
set up a new symmetric key for every single connection. If you use
the shared memory session caching mechanism that mod_ssl supports,
then the overhead is actually rather small except for the initial
connection.
> I want my mod_perl server running mod_perl, not mod_ssl! In a
> high-volume site you're going to have lots of front-end machines
> underworked anyway, so why not let them do some SSL calculations?
That's certainly possible, but then on the other hand, why even bother
to run a full scale mod_ssl in front? You might as well just choose
a small tunnel/port forwarding app like Stunnel or one of the many other
mentioned at http://www.openssl.org/related/apps.html.
vh
Mads Toftum, QDPH
--
System Designer / Developer
Tele Danmark Nøglecenter - http://www.certifikat.dk/
email: [EMAIL PROTECTED] / [EMAIL PROTECTED]
