| |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Hello and welcome to CertForums.co.uk, here we host free active certification forums with links to the best free resources for Microsoft's MCSA MCSE MCDBA Cisco's CCNA CCDA and CCNP, and CompTIA's A+ Network+ i-NET+ and Security+ certifications in the UK. If you wish to post or use other advanced features you will need to register first. Registration is absolutely free and takes only a few minutes to complete so sign up today! If you have any problems with the registration process or your account login, please contact support |
|
|||||||
| Home | Forums | Community | Register | Search | Today's Posts | Mark Forums Read |
|
|
|
SSL Overheads? |
  |
|
|
Thread Tools | Display Modes |
|
#1
08-May-2008, 09:56 AM
|
|||||
|
|||||
|
SSL Overheads?
Hi,
I have several business sites all using SSLs from login screen down so all my sites are secured on 443. I am noticing some lag in the site on occasions which causes errors with .NET, we dont partuclary have high hits on the site but I guess the data side is quite hard. I am thinking of retaining the login page as SSL but after that dropping it to normal http to see if that will ease the overheads. Has anyone done this before, does it help? Also are there any serious security implications, we are regulated by FSA so have to be careful with data security.. Thanx
|
|
|
|
#2
08-May-2008, 10:05 AM
|
||||
|
||||
|
SSL should be used for all pages that contain sensitive information to protect from sniffing, this mainly includes pages with forms but could also include other pages if you have reports or other sensitive information. If its an intranet site or the information is not massively sensitive then you can just rely on the initial authorisation as you infer and take the risk of your packets getting captured.
You could consider SSL offload to another device or other tuning of your application, its not clear that SSL is the issue, it might be other parts of your infrastructure or the design of the app.
|
|
#3
08-May-2008, 11:15 AM
|
|||||
|
|||||
|
Hi & thanx for the reply.
I know the risks are high but I have been left with online apps developed by people with no regard to bandwidth or end user experience.. This is most noticeable with Ajax code when a user moves through the page quickly, the code cant catch up due to bandwidth limits [their end or mine], and eventually errors, not nice looking.. I do know the SSL is at least partly responsible, as our "pre-live" enviroment has no SSL and much better response times and very little errors, hence the reason I was thinking of implementing this in live servers. Another factor would be the hardware firewall with IDS/IPS and Gateway AV but the "pre-live" is behind this too.. Cheers
|
|
#4
08-May-2008, 03:38 PM
|
||||
|
||||
|
I would say that it would be a somewhat underpowered machine that would be slowed noticeably by the encryption stuff.
And pre-live systems are often faster because the database is small and can be cached. Once it starts to grow then you hit the disk more often. You could try more memory in there? Harry.
|
Spread this thread:
|
|
|
|
||||||
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Publishing a Windows Server 2008 SSL VPN Server Using ISA 2006 Firewalls | Mitzs | Networking | 1 | 04-Mar-2008 05:31 AM |
| SSL over Wireless | Boyce | Wireless Networking | 2 | 24-Aug-2006 02:32 PM |
| FREE SSL and Digital Certificate Guide | wagnerk | Training & Development | 0 | 07-Jun-2006 08:09 PM |
| Microsoft to Acquire Whale Communications, a Leading Provider of SSL VPN... | Mr.Cheeks | News | 0 | 22-May-2006 04:40 PM |
| SSL | Phoenix | Problems, Suggestions & Comments | 1 | 06-Sep-2005 08:49 AM |
All times are GMT +1. The time now is 12:27 PM.