We offload all the SSL using a load balancer. It takes the issue away from the web application completely.
We get the LB to append an extra flag to the HTTP header so we can still test in the app if the connection is secure. The advantages of doing this are:

- Makes setting web servers up easier, they don't need to know anything about SSL
- Only one cert instance to renew
- You get an unencrypted domain name in the header if your app runs in different configurations depending on the domain (this was a major issue for us with IIS)
- Speed, the SSL overhead is handled by a dedicated device

We're using a Zeus ZXTM, but it looks like it can be done with OSS: http://o3magazine.com/4/a/0/2.html

MK

2009/8/2 Ashley Moran <[email protected]>:
> On 2 Aug 2009, at 14:00, Dave Spurr wrote:
>
>> Ah, I thought it did I had a figure of about 30% in my head from
>> somewhere - but my search for proof of that fact didn't get me anywhere
>> so I must be wrong. However it does appear that browsers may need an
>> extra push to ensure they cache content served via HTTPS
>> http://stackoverflow.com/questions/174348/will-web-browsers-cache-content-over-https
>
> Worth knowing! That's something I'd never thought about. Thanks for
> the link.
>
> Ashley
>
> --
> http://www.patchspace.co.uk/
> http://www.linkedin.com/in/ashleymoran
> http://aviewfromafar.net/
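Added example, not part of the original message or of any poster's code: a Rack-style check for the "extra flag" approach described above, which honours the flag only when the direct peer is the load balancer, since any client can send the same header. The header name `X-Forwarded-Proto`, the `10.0.0.0/24` load balancer range and the class and method names are assumptions chosen for illustration.

```ruby
require "ipaddr"

# Assumptions (not from the original message): the load balancer sets
# X-Forwarded-Proto and lives in the constructed range 10.0.0.0/24.
TRUSTED_LBS = [IPAddr.new("10.0.0.0/24")].freeze
FLAG_HEADER = "HTTP_X_FORWARDED_PROTO" # Rack env key for X-Forwarded-Proto

# True only when the TCP peer is one of our load balancers.
def from_trusted_lb?(env)
  addr = env["REMOTE_ADDR"].to_s
  return false if addr.empty?
  peer = IPAddr.new(addr)
  TRUSTED_LBS.any? { |net| net.include?(peer) }
rescue ArgumentError # malformed address or address-family mismatch
  false
end

# Was the client's original connection HTTPS? The flag is believed
# only when it arrived from a trusted load balancer.
def secure_request?(env)
  return false unless from_trusted_lb?(env)
  env[FLAG_HEADER].to_s.strip.casecmp?("https")
end

# Middleware: removes the flag when it did not come from the load
# balancer, so code further down the stack never sees a spoofed value.
class OffloadedTLSFlag
  def initialize(app)
    @app = app
  end

  def call(env)
    env = env.dup
    env.delete(FLAG_HEADER) unless from_trusted_lb?(env)
    env["rack.url_scheme"] = "https" if secure_request?(env)
    @app.call(env)
  end
end
```

The load balancer itself should also overwrite any copy of the header supplied by the client, and the web servers should accept connections only from the load balancer.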
