Re: Faster encryption
-Original Message- From: [EMAIL PROTECTED] Subject: Faster encryption I noticed a TPS drop (transactions per second) of factor four when I benchmarked my application using 128 bit SSL encryption (5 client threads) compared to non-encrypted benchmarking. I know that the SSL layer is pluggable in Orion, I use the standard one that comes with Orion 1.4.0. Is there a faster implementation of SSL for Java/Orion out there, maybe a native code solution? Or is the standard encryption package already using native code for the most critical sections? I guess not, as I have used C++ packages for encryption previously and not noticed such CPU eating behaviour. Another option is to put Apache in front of your Orion server and let it handle SSL. Since mod_ssl is written in native code with performance in mind, it will generally be faster than a Java implementation. I think the next best alternative is to start load balancing across multiple web servers. Serge Knystautas Loki Technologies http://www.lokitech.com/
RE: Faster encryption
I did a check upon the JSSE spec. It comes in two versions. One for the US and one for non-US countries. The international version does not allow other "service providers" to be plugged-in, thus I am stuck with the slow performance of the Sun JSSE implementation :-((( I hate it when those morons at the US export agency make every effort to hinder the spread of good technology :-( Seems we have to go for hardware encryption to gain speed or set up a cluster of, say, 8 PCs just to get acceptable performance using the JSSE with 128 bit encryption. BTW do anyone know of a native code implementation of JSSE or a significantly faster implementation? /David -Ursprungligt meddelande- Från: Michael S. Kelly [mailto:[EMAIL PROTECTED]] Skickat: den 12 december 2000 01:37 Till: Orion-Interest Ämne: RE: Faster encryption No, SSL will eat up the CPU. It takes CPU cycles to do the encryption, and the more the bits the greater the cost. This is the reason that companies like Intel have developed special hardware devices that will handle the encryption step. -=michael=- == Michael S. Kelly [EMAIL PROTECTED] _ Axian, Inc. [EMAIL PROTECTED] // |_ __(_) ___ _ __ 4800 SW Griffith Dr., Ste. 202 //| |\\/ /| |/ _ \| '_ \ Beaverton, OR 97005 USA _//_| | / / | | |_| | | | | Voice: (503)644-6106 x122 (( // |_|/_/\\|_|\_/|_|_| |_| Fax: (503)643-8425 ``-'' ``-'' http://www2.axian.com Software Consulting and Training == -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Ekholm Sent: Monday, December 11, 2000 1:07 AM To: Orion-Interest Subject: Faster encryption I noticed a TPS drop (transactions per second) of factor four when I benchmarked my application using 128 bit SSL encryption (5 client threads) compared to non-encrypted benchmarking. I know that the SSL layer is pluggable in Orion, I use the standard one that comes with Orion 1.4.0. Is there a faster implementation of SSL for Java/Orion out there, maybe a native code solution? Or is the standard encryption package already using native code for the most critical sections? I guess not, as I have used C++ packages for encryption previously and not noticed such CPU eating behaviour. /David "The Las Vegas of Online Gaming" David Ekholm System Architect Hammarby Kajväg 14, 120 30 Stockholm tel: +46 (0)8 55 69 67 11 mob: +46 (0)70 486 77 38 fax: +46 (0)8 55 69 67 07 icq: 410993
Re: Faster encryption
Yes you can do this, but if you want client authentication how do you configure Orion to get Digital Certificates from Apache. Serge Knystautas wrote: -Original Message- From: [EMAIL PROTECTED] Subject: Faster encryption I noticed a TPS drop (transactions per second) of factor four when I benchmarked my application using 128 bit SSL encryption (5 client threads) compared to non-encrypted benchmarking. I know that the SSL layer is pluggable in Orion, I use the standard one that comes with Orion 1.4.0. Is there a faster implementation of SSL for Java/Orion out there, maybe a native code solution? Or is the standard encryption package already using native code for the most critical sections? I guess not, as I have used C++ packages for encryption previously and not noticed such CPU eating behaviour. Another option is to put Apache in front of your Orion server and let it handle SSL. Since mod_ssl is written in native code with performance in mind, it will generally be faster than a Java implementation. I think the next best alternative is to start load balancing across multiple web servers. Serge Knystautas Loki Technologies http://www.lokitech.com/
Re: Faster encryption
- Original Message - From: "Ismael Blesa Part" [EMAIL PROTECTED] Yes you can do this, but if you want client authentication how do you configure Orion to get Digital Certificates from Apache. I believe you can configure Apache to pass along the SSL certificate information as environment variables, although I've never actually tested or seen this working. I know when you configure mod_ssl, there's a parameter to pass these SSL params to CGI programs, so I would hope this would work with the way Orion puts Apache in front of it (using the reverse proxy). Hmmm...maybe not... maybe something like mod_jk or mod_ajp that Tomcat uses to hook into Apache would work, but the more I think about it, I'm thinking this would be a problem with the Apache-Orion architecture. Sorry... Serge Knystautas Loki Technologies http://www.lokitech.com/
RE: Faster encryption
No, SSL will eat up the CPU. It takes CPU cycles to do the encryption, and the more the bits the greater the cost. This is the reason that companies like Intel have developed special hardware devices that will handle the encryption step. -=michael=- == Michael S. Kelly [EMAIL PROTECTED] _ Axian, Inc. [EMAIL PROTECTED] // |_ __(_) ___ _ __ 4800 SW Griffith Dr., Ste. 202 //| |\\/ /| |/ _ \| '_ \ Beaverton, OR 97005 USA _//_| | / / | | |_| | | | | Voice: (503)644-6106 x122 (( // |_|/_/\\|_|\_/|_|_| |_| Fax: (503)643-8425 ``-'' ``-'' http://www2.axian.com Software Consulting and Training == -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Ekholm Sent: Monday, December 11, 2000 1:07 AM To: Orion-Interest Subject: Faster encryption I noticed a TPS drop (transactions per second) of factor four when I benchmarked my application using 128 bit SSL encryption (5 client threads) compared to non-encrypted benchmarking. I know that the SSL layer is pluggable in Orion, I use the standard one that comes with Orion 1.4.0. Is there a faster implementation of SSL for Java/Orion out there, maybe a native code solution? Or is the standard encryption package already using native code for the most critical sections? I guess not, as I have used C++ packages for encryption previously and not noticed such CPU eating behaviour. /David "The Las Vegas of Online Gaming" David Ekholm System Architect Hammarby Kajväg 14, 120 30 Stockholm tel: +46 (0)8 55 69 67 11 mob: +46 (0)70 486 77 38 fax: +46 (0)8 55 69 67 07 icq: 410993
Re: Faster encryption
[David Ekholm] Is there a faster implementation of SSL for Java/Orion out there, maybe a native code solution? Or is the standard encryption package already using native code for the most critical sections? I guess not, as I have used C++ packages for encryption previously and not noticed such CPU eating behaviour. I've heard of ppl using openssl-based native code solutions, but SSLava with hooks into native calls to dedicated encryption cards/devices is going to make more sense for bigger sites (like Intel :) -- James Manning [EMAIL PROTECTED] GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7 9C8E A0BF B026 EEBB F6E4
RE: Faster encryption
How about hardware based? I know there are SSL to non-ssl hardware devices that turn all incoming SSL into non-SSL so your web-app is completely non-ssl based, but the web browser to the server (ssl device) is secure. I know there are some that can handle 1000's of ssl transactions per second (but you'll pay big money for those). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Ekholm Sent: Monday, December 11, 2000 1:07 AM To: Orion-Interest Subject: Faster encryption I noticed a TPS drop (transactions per second) of factor four when I benchmarked my application using 128 bit SSL encryption (5 client threads) compared to non-encrypted benchmarking. I know that the SSL layer is pluggable in Orion, I use the standard one that comes with Orion 1.4.0. Is there a faster implementation of SSL for Java/Orion out there, maybe a native code solution? Or is the standard encryption package already using native code for the most critical sections? I guess not, as I have used C++ packages for encryption previously and not noticed such CPU eating behaviour. /David "The Las Vegas of Online Gaming" David Ekholm System Architect Hammarby Kajväg 14, 120 30 Stockholm tel: +46 (0)8 55 69 67 11 mob: +46 (0)70 486 77 38 fax: +46 (0)8 55 69 67 07 icq: 410993