Fog Creek Software
Discussion Board

SSL - Is dedicated hardware a requirement?

To use SSL - does one need a dedicated piece of hardware/software?

Ram Dass
Thursday, March 4, 2004

I assume by "To use SSL" you mean to serve web pages.  Most web servers can use SSL without additional software.  There is dedicated hardware available to enhance performance.

Thursday, March 4, 2004

There are a number of affordable SSL accelerator appliances available that can offload the CPU hogging of SSL encryption. It can make a big difference if you expect many simultaneous sessions.

Thursday, March 4, 2004

However, if the effective number of business transactions per second handled by your server is minimal (those are the ones requiring the SSL--remember?) due to large transactions, you might as well assume what the Athlon/Pentium can pull off is good enough.

If you are hitting secured traffic of more than, say, 10 megabits per second, you should worry.

Li-fan Chen
Thursday, March 4, 2004

One of the primary reasons that people offload SSL to dedicated hardware, apart from offloading processing, is to support load balancing. Setting up and tearing down SSL connections is very expensive, but maintaining a session is very cheap. On the flip side, a maintained connection ties a connection to one web server, which may not best facilitate load balancing or failovers. This is why people have the keep-alive SSL connection at dedicated hardware, and the actual requests can be load balanced/failovered on the web server side.

Dennis Forbes
Thursday, March 4, 2004

There is another theoretical reason to use hardware SSL which is that software can be "modified" remotely whereas you need physical access to switch a hardware module.

Friday, March 5, 2004
