Proto Balance SSL - SSL offloading for performance web sites - Download Now!!!

SSL Acceleration .info

Thursday, 24-Apr-2014 11:08:14 GMT

What is SSL Acceleration?

SSL (also called TLS) is a CPU-intensive protocol, especially on the server side. SSL acceleration refers to specialized hardware or appliances that perform "SSL offloading", where the CPU-intensive part of the SSL transaction is executed much faster than it otherwise would be by commodity hardware and software.

SSL acceleration is sometimes called "web acceleration", "e-commerce acceleration", "SSL load balancing", "crypto acceleration", "crypt offloading", "SSL offloading", and various other terms. The industry does not yet seem to have standardized on terminology.

How SSL works

SSL means Secure Sockets Layer. When the IETF standardized SSL, it was renamed to TLS (Transport Layer Security).

SSL encrypts a TCP-based protocol such as SMTP or HTTP. Many TCP-based protocols are standardized to operate within SSL as a secure alternative to their legacy implementations. The most common example is HTTP/1.1 (regular web traffic), but SMTP, POP and IMAP (email) and other protocols can also operate over SSL. All popular web browsers and web servers support SSL. SSL is the "s" in an https:// URL, as opposed to an insecure http:// URL.

For example, here is the raw TCP traffic (sniffed off the wire) of a regular HTTP/1.1 download of a single HTML page using Mozilla:

[Figure: unencrypted HTTP raw traffic dump]

And here the download is repeated, but with SSL encryption enabled:

[Figure: SSL-encrypted HTTP raw traffic dump]

An SSL session is a single bidirectional stream between two machines on a particular TCP port. The red represents bytes of data sent to the web server, while the blue represents bytes of data downloaded from the web server. You can see that regular HTTP does two exchanges: the request and the response, whereas SSL does a lot more handshaking. The extra handshaking is the authentication and exchange of encryption keys. It's in between these handshakes that your web server is eating massive amounts of CPU.
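The extra handshaking described above is visible at the TLS record layer, where every record starts with a 5-byte header (content type, version, length) as defined in RFC 2246. The following Python code is an added example, not part of the original page: it splits one direction of a captured stream into records and totals handshake versus application-data bytes. The sample stream and the helper name `record` are constructed for illustration, and the record bodies are filler bytes.

```python
import struct

# Record-layer content types and the record size limit from RFC 2246, section 6.2.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1"}
MAX_RECORD_LEN = 2**14 + 2048  # largest length allowed for an encrypted record

def parse_records(stream: bytes):
    """Split one direction of a TLS byte stream into (type, version, length) tuples."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or length > MAX_RECORD_LEN:
            raise ValueError(f"not a TLS record at offset {offset}")
        if offset + 5 + length > len(stream):
            raise ValueError(f"truncated record body at offset {offset}")
        version = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
        records.append((CONTENT_TYPES[ctype], version, length))
        offset += 5 + length
    return records

def summarize(records):
    """Return {content type: (record count, payload bytes)}."""
    summary = {}
    for name, _version, length in records:
        count, total = summary.get(name, (0, 0))
        summary[name] = (count + 1, total + length)
    return summary

def record(ctype, body, version=(3, 1)):
    """Hypothetical helper: build one record for the constructed sample below."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

# Constructed sample: server-to-client side of a TLS 1.0 session.
# Bodies are filler bytes, not real handshake messages or ciphertext.
SAMPLE_SERVER_STREAM = (
    record(22, b"\x00" * 74)      # handshake: ServerHello
    + record(22, b"\x00" * 900)   # handshake: Certificate
    + record(22, b"\x00" * 4)     # handshake: ServerHelloDone
    + record(20, b"\x01")         # ChangeCipherSpec
    + record(22, b"\x00" * 48)    # handshake: encrypted Finished
    + record(23, b"\x00" * 512)   # application data: encrypted HTTP response
)

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE_SERVER_STREAM)))
```

Feeding the parser plaintext HTTP raises `ValueError`, because the first byte of `GET` is not a valid record content type.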

For encrypted web traffic, the TCP port over which SSL works is TCP port 443.

The SSL protocol is officially defined by the IETF in RFC 2246 (v1.0) and RFC 4346 (v1.1).