the good news is there's nothing much you can do to optimize tomcat's SSL. The bad
news is SSL is CPU intensive. the most reliable way to improve SSL performance is to
get a hardware accelerator. People tend to disagree on this, but I am biased in favor
of using hardware acceleration.
from the old benchmarks Remy and I ran, 20 concurrent connections is the limit for
SSL. fewer if you have lots of graphics. Even though a 2ghz CPU webserver can handle
10 concurrent SSL connection and stay around 50% CPU usage, I personally wouldn't want
to do that. On a 400-500mhz CPU 5-8 is the limit. I hope that helps.
peter
Jeremy Conner <[EMAIL PROTECTED]> wrote:
Is there any way to optimize Tomcat's SSL implementation?
Can I change the protocol to only use 40 bit encryption?
Can I change the default keep alive time for the SSL session?
Are there any other values for 'protocol' other than TLS?
I am running a web app that is using Axis for web service communication
to alot of client apps. These apps communicate to the server every 30
seconds. I would like a way to cache the SSL session so that
handshaking is not happening every time.
It looks like the typical answer to optimizing SSL is to not use Tomcat
for SSL and use Apache. Is that really the recommended solution?
Here is my current config:
className="org.apache.catalina.connector.http.HttpConnector"
port="8443"
minProcessors="5"
maxProcessors="100"
connectionTimeout="60000"
enableLookups="true"
acceptCount="10"
debug="0"
scheme="https"
secure="true">
className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="true"
protocol="TLS"
keystoreFile="/serverKeys"
keystorePass="password"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger
