RE: questions on SSL

["David Gillett" <gillettdavid () fhda edu>]

  The bandwidth overhead for SSL is quite small, and shouldn't
be an issue.

  However, the CPU load of the encryption/decryption can be 
substantial for a popular site/domain.  It's not unusual for
that to be off-loaded to some sort of front-end, which may
also balance load amongst a number of back-end servers.  Think
of it as a proxy that talks SSL to remote clients, but 
unencrypted to the local servers that actually process the
requests.  This can allow you to ramp up your SSL usage without
slowing your sites to a crawl.

David Gillett


> -----Original Message-----
> From: s0h0us () yahoo com [mailto:s0h0us () yahoo com] 
> Sent: Friday, November 14, 2008 7:28 AM
> To: security-basics () securityfocus com
> Subject: questions on SSL
>
> I'm lookig for some comments regarding using SSL to encrypt 
> connectivity to entire website as opposed to just certain 
> critical connections such as an online banking link at a 
> financial institutions. is this a more common practice now? 
> Bandwidth wouldn't seem to be as big an issue as it was in 
> the past with dialup connections. 
> Can one SSL certificate be used to encrypt multiple links 
> originating from the same site:
> https://x.domain.com
> https://y.domain.com
>
> thanks for the feedback