tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lin <tcw00l...@yahoo.com>
Subject Re: How to optimize Tomcat SSL
Date Mon, 14 Jun 2004 20:06:56 GMT
 
the good news is there's nothing much you can do to optimize tomcat's SSL. The bad news is
SSL is CPU intensive.  the most reliable way to improve SSL performance is to get a hardware
accelerator.  People tend to disagree on this, but I am biased in favor of using hardware
acceleration.
 
from the old benchmarks Remy and I ran, 20 concurrent connections is the limit for SSL. fewer
if you have lots of graphics. Even though a 2ghz CPU webserver can handle 10 concurrent SSL
connection and stay around 50% CPU usage, I personally wouldn't want to do that. On a 400-500mhz
CPU 5-8 is the limit. I hope that helps.
 
peter
 
 


Jeremy Conner <jconner@uplogix.com> wrote:
Is there any way to optimize Tomcat's SSL implementation?

Can I change the protocol to only use 40 bit encryption?
Can I change the default keep alive time for the SSL session?
Are there any other values for 'protocol' other than TLS?

I am running a web app that is using Axis for web service communication 
to alot of client apps. These apps communicate to the server every 30 
seconds. I would like a way to cache the SSL session so that 
handshaking is not happening every time.

It looks like the typical answer to optimizing SSL is to not use Tomcat 
for SSL and use Apache. Is that really the recommended solution?

Here is my current config:

className="org.apache.catalina.connector.http.HttpConnector"
port="8443"
minProcessors="5"
maxProcessors="100"
connectionTimeout="60000"
enableLookups="true"
acceptCount="10"
debug="0"
scheme="https"
secure="true">
className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="true"
protocol="TLS"
keystoreFile="/serverKeys"
keystorePass="password"/>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


		
---------------------------------
Do you Yahoo!?
Friends.  Fun. Try the all-new Yahoo! Messenger
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message