RE: How to optimize Tomcat SSL

2004-06-15 Thread Peter Lin
 
yup, you sure can if you're willing to subject the users to the annoying message. What
some people do is get a dedicated image server and set up https on it. that way, you
don't get the annoying warning and you don't impact the webserver doing the real work.
 
peter


Gabi <[EMAIL PROTECTED]> wrote:
I write only to comment that you can support more connections if you serve
pages through https BUT images from http.
(You'll remember many https pages where the browser warns you something like
"this page contains insecure elements" or something similar...)
> from the old benchmarks Remy and I ran, 20 concurrent connections is the
> limit for SSL. fewer if you have lots of graphics. Even though a 2ghz CPU
> webserver can handle 10 concurrent SSL
> ...


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




RE: How to optimize Tomcat SSL

2004-06-14 Thread Gabi
I write only to comment that you can support more connections if you serve
pages through https BUT images from http.
(You'll remember many https pages where the browser warns you something like
"this page contains insecure elements" or something similar...)
> from the old benchmarks Remy and I ran, 20 concurrent connections is the
> limit for SSL. fewer if you have lots of graphics. Even though a 2ghz CPU
> webserver can handle 10 concurrent SSL
> ...





Re: How to optimize Tomcat SSL

2004-06-14 Thread Alex Burton
We use Apache HTTP on the front for SSL. Makes a world of difference.
Cheers,
Alex.
Jeremy Conner wrote:
Is there any way to optimize Tomcat's SSL implementation?
Can I change the protocol to only use 40 bit encryption?
Can I change the default keep alive time for the SSL session?
Are there any other values for 'protocol' other than TLS?
I am running a web app that is using Axis for web service
communication to a lot of client apps. These apps communicate to the
server every 30 seconds. I would like a way to cache the SSL session
so that handshaking is not happening every time.

It looks like the typical answer to optimizing SSL is to not use 
Tomcat for SSL and use Apache.  Is that really the recommended solution?

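Here is my current config:

<Connector className="org.apache.catalina.connector.http.HttpConnector"
   port="8443"
   minProcessors="5"
   maxProcessors="100"
   connectionTimeout="6"
   enableLookups="true"
   acceptCount="10"
   debug="0"
   scheme="https"
   secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
   clientAuth="true"
   protocol="TLS"
   keystoreFile="/serverKeys"
   keystorePass="password"/>
</Connector>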
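
A sketch of the setup Alex describes above (Apache HTTP Server terminating SSL in front of Tomcat), with the session caching the original question asks about. This is an added example, not configuration posted by anyone in the thread; the host name, file paths and backend address are placeholders.

```apache
# Added example. Host name, paths and the backend port are placeholders.
# Needs mod_ssl, mod_socache_shmcb, mod_proxy and mod_proxy_http loaded.

# Shared-memory session cache, set at server level so every worker uses it.
SSLSessionCache        "shmcb:logs/ssl_scache(512000)"
# The clients in the thread call in every 30 seconds. Cached sessions are
# kept for 300 seconds, so a returning client resumes its session with an
# abbreviated handshake instead of repeating the full key exchange.
SSLSessionCacheTimeout 300

Listen 8443
<VirtualHost *:8443>
    ServerName app.example.com

    SSLEngine on
    SSLCertificateFile    "/etc/httpd/tls/server.crt"
    SSLCertificateKeyFile "/etc/httpd/tls/server.key"

    # Counterpart of clientAuth="true" in the Tomcat config: the client
    # certificate is now checked here, before anything reaches Tomcat.
    SSLVerifyClient      require
    SSLVerifyDepth       2
    SSLCACertificateFile "/etc/httpd/tls/client-ca.crt"

    # Export-grade (40-bit) suites are excluded rather than selected:
    # they save little CPU and give no real confidentiality.
    SSLProtocol    all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!EXP

    # Keep-alive slightly longer than the 30-second polling interval lets
    # a client reuse the TCP connection and skip the handshake entirely,
    # at the cost of one idle worker per connected client.
    KeepAlive        On
    KeepAliveTimeout 35

    # Plain HTTP to Tomcat on the loopback interface only. Tomcat's HTTP
    # connector must not be reachable from outside this host, otherwise
    # the client-certificate check above can be bypassed.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Whether resumption is actually happening can be checked from a client with `openssl s_client -reconnect`, which reports `Reused` or `New` for each connection.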




Re: How to optimize Tomcat SSL

2004-06-14 Thread Peter Lin
 
the good news is there's nothing much you can do to optimize tomcat's SSL. The bad 
news is SSL is CPU intensive.  the most reliable way to improve SSL performance is to 
get a hardware accelerator.  People tend to disagree on this, but I am biased in favor 
of using hardware acceleration.
 
from the old benchmarks Remy and I ran, 20 concurrent connections is the limit for
SSL. fewer if you have lots of graphics. Even though a 2ghz CPU webserver can handle
10 concurrent SSL connections and stay around 50% CPU usage, I personally wouldn't want
to do that. On a 400-500mhz CPU 5-8 is the limit. I hope that helps.
 
peter
 
 


Jeremy Conner <[EMAIL PROTECTED]> wrote:
Is there any way to optimize Tomcat's SSL implementation?

Can I change the protocol to only use 40 bit encryption?
Can I change the default keep alive time for the SSL session?
Are there any other values for 'protocol' other than TLS?

I am running a web app that is using Axis for web service communication
to a lot of client apps. These apps communicate to the server every 30
seconds. I would like a way to cache the SSL session so that
handshaking is not happening every time.

It looks like the typical answer to optimizing SSL is to not use Tomcat 
for SSL and use Apache. Is that really the recommended solution?

Here is my current config:

<Connector className="org.apache.catalina.connector.http.HttpConnector"
   port="8443"
   minProcessors="5"
   maxProcessors="100"
   connectionTimeout="6"
   enableLookups="true"
   acceptCount="10"
   debug="0"
   scheme="https"
   secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
   clientAuth="true"
   protocol="TLS"
   keystoreFile="/serverKeys"
   keystorePass="password"/>
</Connector>


