摘录


SSL operations consume extra CPU resources. On multi-processor systems several worker processes should be run, no less than the number of available CPU cores. The most CPU-intensive operation is the SSL handshake. There are two ways to minimize the number of these operations per client: the first is by enabling keepalive connections to send several requests via one connection and the second is to reuse SSL session parameters to avoid SSL handshakes for parallel and subsequent connections. The sessions are stored in an SSL session cache shared between workers and configured by the ssl_session_cache directive. One megabyte of the cache contains about 4000 sessions. The default cache timeout is 5 minutes. It can be increased by using the ssl_session_timeout directive. Here is a sample configuration optimized for a multi-core system with 10 megabyte shared session cache:

点评

NULL

原文

点击这里查看原文

其它

本帖内容由21QA云收藏工具自动生成,欢迎使用。

系统消息 若觉得内容不错,请点击左上角的"赞"图标,以优化网站的内容呈现。 另外,请及时验证注册邮箱,否则收不到21QA发出的红包。 官方Q群:250203055

提问于 14 十一月 '17, 20:47

%E8%B7%AF%E4%BA%BA%E7%94%B2's gravatar image

路人甲
131306508578


1

2 The SSL session cache independently maintains connection data for server and client connections after establishing a secured session. With the SSL session cache, the DataPower appliance can use the connection data from previously negotiated sessions. Resuming a session does not require the exchange of a cipher suite or certificate between the client and the server, which reduces the time of a full handshake. Each SSL handshake generates an SSL session ID. After establishing a secured SSL session, the client and the server independently cache the initial session ID.

3 To establish a SSL connection, four messages need to be exchanged between client and server. With a latency of 50 ms, we have a 200 ms overhead to establish the connection (plus TCP handshake). Moreover, to share a common secret, both the client and the server needs to achieve some public-key cryptographic operations which are costly, computation-wise.

系统消息 若觉得内容不错,请点击左上角的"赞"图标,以优化网站的内容呈现。 另外,请及时验证注册邮箱,否则收不到21QA发出的红包。 官方Q群:250203055
永久链接

回答于 14 十一月 '17, 20:48

%E8%B7%AF%E4%BA%BA%E7%94%B2's gravatar image

路人甲
131306508578

编辑于 14 十一月 '17, 20:49

你的回答
切换预览

你可以使用订阅来关注这个问题

使用邮箱订阅:

登录后可以订阅更新

使用RSS订阅:

回答

回答与评论

文字标记基础知识

  • *斜体文字* 或者 _斜体文字_
  • **黑体文字** 或者 __黑体文字__
  • 插入超链接: [链接文字](http://url.com/ "标题")
  • 插入图片: ![alt](/path/img.jpg "标题")
  • 编号排列: 1. Foo 2. Bar
  • 输入换行符前请输入两个空格(即:空空回车),仅敲回车无效。
  • 支持基本的HTML标签的使用

问题的标签:

×579
×4
×2

问题发表于: 14 十一月 '17, 20:47

问题被查看: 492 次

最近更新: 14 十一月 '17, 20:49

powered by O*S*Q*A

粤ICP备14040061号-1