That really doesn't come close to answering my question. I know what SSL accelerators
do, and how they can help and how they can't help. What I need to know is what is
needed to get apache+modssl to *USE* the accelerator. Do I need to add things to the
config? Do I need to pray to some unnamed diety?
-miah
On Thu, Jul 12, 2001 at 02:31:09PM -0500, Gonyou, Austin wrote:
> I've written several pieces to this list and the apache list about using
> hardware acceleration for SSL. Most SSL accelerators today either work with
> openssl/modssl or are independant. The nCipher cryptoswift PCI card or
> Rainbow Technologies PCI cards work with openssl/modssl. The only thing to
> keep in mind, for the price you pay, it would be more prudent to just buy a
> newer server and loadballance your HTTPS farm. Not only do you have more
> distribution, but you have failover ability as well and degraded capability
> in the event of an outage, instead of no capability. Also, SSL Accelerators
> are only good for a large enough amount of content across persistent SSL
> sessions. That means that if your customers/browsers are viewing EVERY PAGE
> in SSL or every page they visit in SSL is >5KB and you have several of them
> they will hit that way, then you might benefit from using SSL acclerators.
> Also, if you have an SSH server, it can also benefit and allow MUCH more
> concurrent persistent connections during those types of sessions as well.
> Another type of system which can benefit from SSL accelerators is the
> all-in-one http/https/application/db server which get's hit pretty hard if
> you've got that much stuff serving from the same box. If you HAVE to keep
> that model, then it might be a good idea to use an Acclerator to offload
> handshake data from the processors. Also, if people are constantly making
> SSH connections and transferring encrypted data from a DB server, that's a
> good way to keep the cpu load low, if many connections are occurring all the
> time. Hope this helps. There are also lots of SSL acclerator boxes you can
> by for use on the network, which will proxy all SSL, ssh, etc and pass data
> unencrypted, or encrypted, but no handshake, to the target host. Intel,
> nCipher, Rainbow, F5, and Dell are the ones who come to mind in that arena.
>
> --
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-796-9023
> email: [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: JJohnson [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 12, 2001 1:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: Hardware Acceleration using OpenSSL-engine
> >
> >
> >
> > I haven't really seen any documentation on using the hardware
> > acceleration that openssl-engine can provide when using it
> > with modssl. I've seen the issue brought up a few times, but
> > I can't find any answers to this topic. Can somebody point
> > me to the relevant documentation or list archive that has this info?
> >
> >
> > Thanks
> > -miah
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
