Is TLS Fast Yet?

https://istlsfastyet.com/ Published on Jul 24, 2014. “TLS has exactly one performance problem: not enough sites are using it. Everything else can and will be optimized. A hands on look at how to achieve 1-RTT handshakes, eliminate validation latency, and more.” Slides: bit.ly/fastTLS by Ilya Grigorik (@google). See the bottom of the page for Nginx configs on how to improve TLS performance.

The Web never forgets: Persistent tracking mechanisms in the wild

https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html

CRIME (security exploit) - Wikipedia, the free encyclopedia

https://en.wikipedia.org/wiki/CRIME_(security_exploit) from http://tech.slashdot.org/story/13/07/09/1455200/ It works like this. You visit a site that has malicious JavaScript which sends a HTTPS request to some site (like your bank). This request will include whatever known plain-text that the JavaScript wants to send, plus any cookies you have stored for the target site, possibly including authentication cookies. If the plain text happens to match part of that authentication cookie, then the compressed headers will be smaller than if they don’t match. If the attacker can monitor this encrypted traffic and see the sizes of the packets, then they can systematically select the known plaintext to slowly learn the value of the authentication cookie. This can be done today in about half an hour. And the attack setup is feasible - consider a public WiFi access point that requires you to keep a frame open in order to use their WiFi. This gives them both the MITM and JavaScript access needed to perfo… ...

richievos/remote_includes · GitHub [SSI, ESI, Javascript]

https://github.com/richievos/remote_includes How to assemble your pages from HTML partials on the client, front end or CDN edge.

High performance nginx.conf [~0.5M connections]

https://gist.github.com/0b3b52050254e273ff11 Example of high performance nginx config (no SSL), for single server hardware, ~ 0.5M client connections. (found on nginx mailing list)

naxsi - Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx - Google Project Hosting

http://code.google.com/p/naxsi/ Rules + machine learning-based WAF for NGINX. A new, yet very promising project. A replacement for Apache’s mod_security.