
2048 bit SSL overhead

@Fox8124981

Posted in: #Https

Can you guys help me learn some ssl networking basics plz?


What is an SSL transaction (a full handshake?)
Why do people think 2k ssl will melt netscalers (ssl trans/sec exceed netscaler max ssl trans/sec?)
Can't you install ssl on a cdn's edge nodes to save the computational overhead on netscalers?


Thanks


@Chiappetta492

Most times the expression "SSL transaction" is used it just means "a transaction protected by SSL"; otherwise, your interpretation is correct - it means the initial (full or simplified) handshake, where client and server exchange keys to be used from then on to protect messages.

Under the first interpretation, every request made after the initial handshake would still be protected by SSL, though strictly speaking it wouldn't be an "SSL Transaction" since there's no need for further key exchange. The overhead should be minimal (just a few more bytes per request/response), so the impact in performance should be very low.

Old versions of NetScaler in fact seem to have trouble with 2048-bit SSL, but I'm unsure why. However, newer versions have already adapted to it, so it shouldn't be a problem anymore. Besides, while the handshake is indeed somewhat expensive, the rest is actually very lightweight.

As for your last question, using SSL on a CDN would only protect your static media, but you'd still need to protect the dynamic messages exchanged (even more so). Besides, there are security arguments against using SSL on CDNs (in short, it gives a false sense of security) and, naturally, you'd need to use a different certificate for your site and the CDN - you wouldn't want to give your private keys to a third-party, no matter how trusted, right?
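Added example, not part of the original answer: a sketch of why key size affects how many full handshakes per second one core can complete, by timing the private-key-sized modular exponentiation a server performs once per full RSA key-exchange handshake. It assumes RSA key exchange and uses random stand-in operands of the right size rather than real keys; the function names are hypothetical.

```python
import secrets
import time


def stand_in_key(bits):
    """Random odd modulus and full-length exponent of the given size.

    Assumption: this is NOT a real RSA key. Only the operand sizes
    matter for timing the exponentiation, so no primes are generated.
    """
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    d = secrets.randbits(bits) | (1 << (bits - 1))
    return n, d


def private_ops_per_sec(bits, rounds=30):
    """Best-case private-key-sized exponentiations per second on one core."""
    n, d = stand_in_key(bits)
    best = float("inf")
    for _ in range(rounds):
        m = secrets.randbelow(n)          # constructed sample input
        start = time.perf_counter()
        pow(m, d, n)                      # the per-handshake cost
        best = min(best, time.perf_counter() - start)
    return 1.0 / best


def compare(sizes=(1024, 2048)):
    """Map each key size to its measured operations per second."""
    return {bits: private_ops_per_sec(bits) for bits in sizes}


if __name__ == "__main__":
    rates = compare()
    for bits, rate in rates.items():
        print(f"{bits}-bit: {rate:8.1f} private ops/sec (one core, no CRT)")
    print(f"slowdown 1024 -> 2048: {rates[1024] / rates[2048]:.1f}x")
```

Real TLS stacks use the CRT optimisation and native code, so absolute numbers are far higher, but the relative drop when doubling the key size is similar. Requests sent over an already established session do not repeat this operation.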
