SSL Protocol Flow Diagram / ssl_handcheck2.png (PNG Image, 640x763 pixels)
http://alohalb.files.wordpress.com/2011/09/ssl_handcheck2.png?w=640&h=763 Thanks to Aloha LoadBalncer people for nice SSL protocol diagram
Ssl
SSL termination: stunnel, nginx & stud | Vincent Bernat
http://vincent.bernat.im/en/blog/2011-ssl-benchmark.html Interesting test results comparing and analyzing SSL performance. Using right combination of software and proper tunning, you can get up to 14000 TPS (re-shake every 80 requests) on HP DL 380 G7, with two Xeon L5630 (running at 2.13GHz for a total of 8 cores), without hyperthreading, using a 2.6.39 kernel (HZ is set to 250) and two Intel 82576 NIC.
SSL termination: stunnel, nginx & stud | Vincent Bernat
http://vincent.bernat.im/en/blog/2011-ssl-benchmark.html Interesting test results comparing and analyzing SSL performance. Using right combination of software and proper tunning, you can get up to 14000 TPS (re-shake every 80 requests) on HP DL 380 G7, with two Xeon L5630 (running at 2.13GHz for a total of 8 cores), without hyperthreading, using a 2.6.39 kernel (HZ is set to 250) and two Intel 82576 NIC.
Benchmarking SSL performance | Exceliance – Aloha Load Balancer
http://blog.exceliance.fr/2011/09/16/benchmarking_ssl_performance/ SSL perfomance benchmark on Atom D510 ( dual core 1.6 GHz ). (STUD/OpenSSL 0.9.8) . With re-negotiation every 100 requests and object size = 4K, 2300 SSL Req/Sec on Intel Atom!
Benchmarking SSL performance | Exceliance – Aloha Load Balancer
http://blog.exceliance.fr/2011/09/16/benchmarking_ssl_performance/ SSL perfomance benchmark on Atom D510 ( dual core 1.6 GHz ). (STUD/OpenSSL 0.9.8) . With re-negotiation every 100 requests and object size = 4K, 2300 SSL Req/Sec on Intel Atom!
BlackHat USA 2011: SSL And The Future Of Authenticity - YouTube
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
BlackHat USA 2011: SSL And The Future Of Authenticity - YouTube
http://www.youtube.com/watch?v=Z7Wl2FW2TcA MOXIE MARLINSPIKE talk at BlackHat USA 2011 about current problems with SSL and CA sustem, and the feature of SSL w/out CAs.
A message from Comodo Hacker - Pastebin.com
http://pastebin.com/74KXCaEZ [also see LWN’s write-up https://lwn.net/Articles/435214/ .] Curios message [allegedly] from a person who hacked into Comodo CA. Makes you wonder … Basically the whole SSL trust is just a piece of crap and cannot be trusted at all – major CA have thousands of reseller accounts protected only by username/password combination and ANY such account could be used to sign ANY certificate, i.e. amazom.com, yourbank.com, etc.
o3 magazine | Open Source SSL Acceleration
http://www.o3magazine.com/4/a/0/2.html Article about SSL termination with NGINX. In sort: 2 x 4 core AMD 2.5GHz == 25000 SSL TPS
ImperialViolet - Overclocking SSL
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html Notes from google ppl about their optimizations for SSL connections.