: 2048 bit SSL overhead Can you guys help me learn some ssl networking basics plz? What is a SSL transaction (a full handshake?) Why do people think 2k ssl will melt netscalers (ssl trans/sec

@Chiappetta492

Most times the expression "SSL transaction" is used it just means "a transaction protected by SSL"; otherwise, your interpretation is correct - it means the initial (full or simplified) handshake, where client and server exchange keys to be used from then on to protect messages.

Under the first interpretation, every request made after the initial handshake would still be protected by SSL, though stricly speaking it wouldn't be a "SSL Transaction" since there's no need for further key exchange. The overhead should be minimal (just a few more bytes per request/response), so the impact in performance should be very low.

Old versions of NetScaler in fact seems to have trouble with 2048-bit SSL, but I'm unsure why. However, newer versions have already adapted to it, so it shouldn't be a problem anymore. Besides, while the handshake is indeed somewhat expensive, the rest is actually very lightweight.

As for your last question, using SSL on a CDN would only protect your static media, but you'd still need to protect the dynamic messages exchanged (even more so). Besides, there are security arguments against using SSL on CDNs (in short, it gives a false sense of security) and, naturally, you'd need to use a different certificate for your site and the CDN - you wouldn't want to give your private keys to a third-party, no matter how trusted, right?

Vote Up Vote Down