摘录


SSL operations consume extra CPU resources. On multi-processor systems several worker processes should be run, no less than the number of available CPU cores. The most CPU-intensive operation is the SSL handshake. There are two ways to minimize the number of these operations per client: the first is by enabling keepalive connections to send several requests via one connection and the second is to reuse SSL session parameters to avoid SSL handshakes for parallel and subsequent connections. The sessions are stored in an SSL session cache shared between workers and configured by the ssl_session_cache directive. One megabyte of the cache contains about 4000 sessions. The default cache timeout is 5 minutes. It can be increased by using the ssl_session_timeout directive. Here is a sample configuration optimized for a multi-core system with 10 megabyte shared session cache:

点评

NULL

原文

点击这里查看原文

其它

本帖内容由21QA云收藏工具自动生成,欢迎使用。

系统消息 若觉得内容不错,请点击左上角的"赞"图标,以优化网站的内容呈现。 另外,请及时验证注册邮箱,否则收不到21QA发出的红包。 官方Q群:250203055

asked 14 Nov '17, 20:47

%E8%B7%AF%E4%BA%BA%E7%94%B2's gravatar image

路人甲
131528584620


1

2 The SSL session cache independently maintains connection data for server and client connections after establishing a secured session. With the SSL session cache, the DataPower appliance can use the connection data from previously negotiated sessions. Resuming a session does not require the exchange of a cipher suite or certificate between the client and the server, which reduces the time of a full handshake. Each SSL handshake generates an SSL session ID. After establishing a secured SSL session, the client and the server independently cache the initial session ID.

3 To establish a SSL connection, four messages need to be exchanged between client and server. With a latency of 50 ms, we have a 200 ms overhead to establish the connection (plus TCP handshake). Moreover, to share a common secret, both the client and the server needs to achieve some public-key cryptographic operations which are costly, computation-wise.

系统消息 若觉得内容不错,请点击左上角的"赞"图标,以优化网站的内容呈现。 另外,请及时验证注册邮箱,否则收不到21QA发出的红包。 官方Q群:250203055
permanent link

answered 14 Nov '17, 20:48

%E8%B7%AF%E4%BA%BA%E7%94%B2's gravatar image

路人甲
131528584620

编辑于 14 Nov '17, 20:49

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link: [text](http://url.com/ "title")
  • image: ![alt](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×747
×6
×2

question asked: 14 Nov '17, 20:47

question was seen: 785 times

last updated: 14 Nov '17, 20:49

powered by O*S*Q*A

粤ICP备14040061号-1