Re: Mod_ssl and how to reduce overhead
Hi, A few words about intended usage would be of great help. - How many concurrent users - Type of transactions - You really think the http front is going to be you bottle neck? or are there back end systems that will pose a greater problem (I would think so) Why not just use a normal server as ssl accelerator? I know several SSL accelerator "appliancees" that are just that anyway. Unless you have specific keyhandling requirements (FIPS140-3 or something), using normal server hardware is much cheaper. regards martin On 26/09/2005, at 14.35, Pigeon wrote: Hello, I am trying to plan a system that can handle 10k-100k users. I am only using apache w/mod-ssl What should I look at to reduce overhead of bandwidth/cpu/mem? At what point should I look at ssl accelerators? Should I definitly look at clustering? Also.. I ahve heard about ssl session key caching, anyone know how much this will improve things? Any good resources I can read? thanks! Lee __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Problem with colon in subject DN when using FakeBasicAuth
Hi, I'm using FakeBasicAuth with Apache which works fine with most user certificates. However, user certificates with colons in the subject doesn't work. The following illustrates the problem - FakeBasicAuth works with a user entry like: /CN=Martin Strandbygaard/C=Denmark/L=Copenhagen/ [EMAIL PROTECTED] But not with the following entry: /C=DK/O=Ingen organisatorisk tilknytning/CN=Martin Strandbygaard Jensen/serialNumber=PID:9802-2002-2-529764104948:xxj31ZMTZzkVA Notice the colon after the "PID" part. I get the following error in the apache log: [Sun Sep 11 17:14:24 2005] [error] [client 10.0.2.2] user /C=DK/ O=Ingen organisatorisk tilknytning/CN=Martin Strandbygaard Jensen/ serialNumber=PID not found: /test/test.php From this I gather that the problem is the colon after the PID part. I've tried the usual ways of escaping the colon, as well as the entire string, but nothing has worked so far. Does anyone know how to deal with colons in the subject? (they're government issued certificates, that follow a specific template, so removing the colon is not an option). Regards Martin Strandbygaard __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]