Posted to users@httpd.apache.org by Tony Anecito <ad...@yahoo.com> on 2007/11/29 22:58:45 UTC
[users@httpd] SSL & Apache Scalability
Hi All,
I have heard a strange story about how using 1 port
for Apache SSL is not a good idea for performance. I
heard if you have three sites using the same SSL port
it could really slow down performance as compared to
putting those sites on separate ports for SSL.
Should not each site have its own port for SSL?
Thanks,
-Tony
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL & Apache Scalability
Posted by Dragon <dr...@crimson-dragon.com>.
Tony Anecito wrote:
>Hi All,
>
>I have heard a strange story about how using 1 port
>for Apache SSL is not a good idea for performance. I
>heard if you have three sites using the same SSL port
>it could really slow down performance as compared to
>putting those sites on separate ports for SSL.
>
>Should not each site have its own port for SSL?
---------------- End original message. ---------------------
Where did you hear that?
What is true is that you cannot do name-based virtual hosts on the
same IP address with multiple domain names and have that work
correctly (that subject comes up here all the time). Basically, you
have to use a separate IP address for each domain name so that SSL
negotiation serves the correct certificate for the domain. This is a
limitation of the protocol that establishes SSL connections and there
is really no legitimate way around how it works. (There is a way to
"cheat" and use "wild card certificates" but that is considered bad
practice and should not be done).
All of these IP addresses can and should run on port 443 for SSL
unless you have another compelling reason to do something different.
Each of these instances will be separate ports because each IP
address has its own set of ports that are not shared. In other words,
port 443 on IP 192.168.1.100 is not the same as port 443 on IP 10.3.67.24.
Perhaps the requirement for a unique IP address is the source of the
confusion?
Dragon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
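The setup described in the reply above, as an added Apache configuration sketch that is not part of the original post: two IP-based SSL virtual hosts, both on port 443. The IP addresses are the ones used in the message; the host names, certificate paths and document roots are placeholders assumed for illustration, and mod_ssl is assumed to be loaded.

```apache
# Added example; host names and file paths below are placeholders.
# One listener per address: port 443 on each IP is a separate socket.
Listen 192.168.1.100:443
Listen 10.3.67.24:443

# The virtual host, and with it the certificate, is chosen by the
# address the client connected to, because the SSL handshake completes
# before the HTTP Host header is read.
<VirtualHost 192.168.1.100:443>
    ServerName www.site-one.example
    DocumentRoot "/var/www/site-one"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/site-one.example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/site-one.example.key"
</VirtualHost>

<VirtualHost 10.3.67.24:443>
    ServerName www.site-two.example
    DocumentRoot "/var/www/site-two"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/site-two.example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/site-two.example.key"
</VirtualHost>
```

Running `apachectl -S` after loading a configuration like this lists each address:port pair with the virtual host bound to it, which confirms that the two sites do not share a listener.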
Re: [users@httpd] SSL & Apache Scalability
Posted by Tony Anecito <ad...@yahoo.com>.
Thanks.
I will send these email feedbacks to the person who
mentioned it to me and make sure I heard it right.
Many Thanks!
-Tony
--- Sander Temme <sc...@apache.org> wrote:
>
> On Nov 29, 2007, at 1:58 PM, Tony Anecito wrote:
>
> > I have heard a strange story about how using 1 port
> > for Apache SSL is not a good idea for performance. I
>
> Sounds like something for Mythbusters!
>
> > heard if you have three sites using the same SSL port
> > it could really slow down performance as compared to
> > putting those sites on separate ports for SSL.
> >
> > Should not each site have its own port for SSL?
>
> For all practical purposes, each SSL site will have its own IP
> address. This has much the same effect as running the sites on
> different ports: each virtual host will have its own listener.
>
> S.
>
> --
> Sander Temme
> sctemme@apache.org
> PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [users@httpd] SSL & Apache Scalability
Posted by Sander Temme <sc...@apache.org>.
On Nov 29, 2007, at 1:58 PM, Tony Anecito wrote:
> I have heard a strange story about how using 1 port
> for Apache SSL is not a good idea for performance. I
Sounds like something for Mythbusters!
> heard if you have three sites using the same SSL port
> it could really slow down performance as compared to
> putting those sites on separate ports for SSL.
>
> Should not each site have its own port for SSL?
For all practical purposes, each SSL site will have its own IP
address. This has much the same effect as running the sites on
different ports: each virtual host will have its own listener.
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF