"Ralf S. Engelschall" wrote:
> On Wed, Sep 29, 1999, Brian Behlendorf wrote:
> > On Tue, 28 Sep 1999, Joe McMahon wrote:
> > > > My Apache 1.3.9 server sends out images encrypted.
> > > >
> > > > How can I send images not encrypted and save some resources?
> > > >
> > > mod_proxy plus mod_rewrite is your friend.
> > >
> > > Create a fake URL for the graphics, say https://your.com/redirect_me/my.gif.
> > >
> > > RewriteEngine   on
> > > RewriteRule     ^redirect_me/(.*)      http://your.com/$1   [P]
> > >
> > > I've forgotten the necessaries for turning on mod_proxy, but you get the idea.
> > > The request is made securely, and the redirection is done silently inside
> > > Apache.
> >
> > Doesn't this still mean those images are encrypted on their way out?  The
> > point is to eliminate the overhead of SSL encryption.
> 
> Yeah, the above is useless, because it just adds another useless indirection
> internally. With the above the data flows first through HTTP into mod_proxy
> and then via HTTPS to the client, so the data is still encrypted and
> additionally all you received is more load and increased request time on the
> server.
>                                        Ralf S. Engelschall
>                                        [EMAIL PROTECTED]
>                                        www.engelschall.com
>

Another point here is that for most applications, the main performance
hit for an SSL session is in the public-key/private-key calculations to
establish the session on the first visit within a browser session to an
SSL server. The CPU requirements for RC4 encryption within an SSL session
are pretty small compared to that.

For example, on three Sun Ultra 2300 servers (2 x 300 MHz Ultra SPARC) I
have running Apache + mod_ssl + openssl + RSAREF, the openssl (0.94)
benchmarks indicate that the server CPU used for the browser's first
visit since startup to one of these servers takes about 0.5 CPU seconds.
But that openssl RC4 (the most likely secret-key symmetric cipher negotiated
with Netscape or MSIE browsers) can encrypt about 12 *megabytes* of data in
about the same CPU time. RC4 is pretty lightweight for a strong cipher.

So are you sure encrypting those images/files is costing you *that* much
in terms of server CPU resources?

(Of course, if you're running a porn/mp3/warez download site, they
*might* be;-)

You can run these openssl benchmarks on your server by cd'ing
to the openssl directory in your apache/mod_ssl/openssl source
directory and running

  apps/openssl speed

--------------------------
Ed Kubaitis - [EMAIL PROTECTED]
CCSO - University of Illinois at Urbana-Champaign
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
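
Added example, not part of the original post and not code from mod_ssl or OpenSSL: a Python parser for `openssl speed` output that reports how many bytes of RC4 cost the same CPU time as one RSA private-key operation, the comparison made in the message above. The sample output is constructed (invented figures in the layout `openssl speed` prints), and treating a session setup as a single RSA-1024 private-key operation is a simplifying assumption.

```python
import re

# Constructed sample in the layout `openssl speed rsa1024 rc4` prints.
# The figures are invented for illustration; they are not measurements.
SAMPLE = """\
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4              18000.00k    21000.00k    23000.00k    23800.00k    24000.00k
                  sign    verify    sign/s verify/s
rsa 1024 bits 0.0250s 0.0012s     40.0    833.3
"""

RSA_ROW = re.compile(r"rsa\s+(\d+)\s+bits\s+([\d.]+)s\s+([\d.]+)s")
# A throughput row is a cipher name followed only by values such as "24000.00k"
# (thousands of bytes processed per second, one column per block size).
RATE_ROW = re.compile(r"(\S.*?)\s+((?:[\d.]+k\s*)+)$")


def parse_speed(text):
    """Return (cipher_rates, rsa_sign_seconds) parsed from `openssl speed` text.

    cipher_rates maps cipher name -> bytes/second at the largest block size.
    rsa_sign_seconds maps key size in bits -> seconds per private-key operation.
    """
    ciphers, rsa = {}, {}
    for line in text.splitlines():
        m = RSA_ROW.match(line.strip())
        if m:
            rsa[int(m.group(1))] = float(m.group(2))
            continue
        m = RATE_ROW.match(line.strip())
        if m:
            last_column = m.group(2).split()[-1]
            ciphers[m.group(1)] = float(last_column[:-1]) * 1000
    return ciphers, rsa


def breakeven_bytes(text, cipher="rc4", bits=1024):
    """Bytes the cipher can encrypt in the CPU time of one RSA private-key op."""
    ciphers, rsa = parse_speed(text)
    return round(ciphers[cipher] * rsa[bits])


if __name__ == "__main__":
    n = breakeven_bytes(SAMPLE)
    print(f"one RSA-1024 private-key op costs about as much as {n} bytes of RC4")
```

To use it on real numbers, replace `SAMPLE` with the text your own server's `openssl speed` run prints.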
