{"id":21768,"date":"2014-05-08T10:09:22","date_gmt":"2014-05-08T08:09:22","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=21768"},"modified":"2014-05-08T10:09:22","modified_gmt":"2014-05-08T08:09:22","slug":"on-tls-performance","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2014\/05\/08\/on-tls-performance\/","title":{"rendered":"On TLS performance"},"content":{"rendered":"<blockquote><p>We have deployed TLS at a large scale using both hardware and software load balancers. We have found that modern software-based TLS implementations running on commodity CPUs are fast enough to handle heavy HTTPS traffic load without needing to resort to dedicated cryptographic hardware. We serve all of our HTTPS traffic using software running on commodity hardware.<\/p><\/blockquote>\n<p>Doug Beaver, Facebook<br \/>\n<a href=\"http:\/\/lists.w3.org\/Archives\/Public\/ietf-http-wg\/2012JulSep\/0251.html\">HTTP2 Expression of Interest<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have deployed TLS at a large scale using both hardware and software load balancers. We have found that modern software-based TLS implementations running on commodity CPUs are fast enough to handle heavy HTTPS traffic load without needing to resort to dedicated cryptographic hardware. 
We serve all of our HTTPS traffic using software running on &hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"quote","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,133,62,1334],"tags":[3298,2271,3225,1057,200],"keyring_services":[],"class_list":["post-21768","post","type-post","status-publish","format-quote","hentry","category-general","category-sysadmin","category-technology","category-web-work","tag-doug-beaver","tag-facebook","tag-http","tag-performance","tag-security","post_format-post-format-quote"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":21767,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/05\/08\/is-tls-fast-yet\/","url_meta":{"origin":21768,"position":0},"title":"Is TLS Fast Yet?","author":"Leonid Mamchenkov","date":"May 8, 2014","format":"link","excerpt":"Is TLS Fast Yet? TLS has exactly one performance problem: it is not used widely enough. 
Everything else can be optimized.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27586,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/14\/haproxy-sni\/","url_meta":{"origin":21768,"position":1},"title":"HAProxy SNI","author":"Leonid Mamchenkov","date":"May 14, 2017","format":false,"excerpt":"\"HAProxy SNI\" is pure gold! If you want to have a load balancer for HTTPS traffic, without managing SSL certificates on the said load balancer, there is a way to do so. The approach is utilizing the Server Name Indication (SNI) extension to the TLS protocol. \u00a0I knew about it\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28885,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/10\/25\/the-illustrated-tls-connection\/","url_meta":{"origin":21768,"position":2},"title":"The Illustrated TLS Connection","author":"Leonid Mamchenkov","date":"October 25, 2018","format":false,"excerpt":"\"The Illustrated TLS Connection\" is an interactive guide to the TLS connection, explaining every byte with code, comments, annotations, and more.\u00a0 If you ever wanted to know the details of how this works, I can't think of a better resource to direct you to.\u00a0 And if you find any issues\u2026","rel":"","context":"In 
&quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/10\/tls_illustrated-451x500.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":18411,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/06\/28\/google-adds-quic-protocol-to-latest-chrome-build-delivering-http-over-udp\/","url_meta":{"origin":21768,"position":3},"title":"Google adds QUIC protocol to latest Chrome build, delivering HTTP over UDP","author":"Leonid Mamchenkov","date":"June 28, 2013","format":"link","excerpt":"Google adds QUIC protocol to latest Chrome build, delivering HTTP over UDP Here are the QUIC highlights Google wants to emphasize right now: High security similar to TLS. Fast (often 0-RTT) connectivity similar to TLS Snapstart combined with TCP Fast Open. Packet pacing to reduce packet loss. Packet error correction\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":21759,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/05\/07\/http2-explained\/","url_meta":{"origin":21768,"position":4},"title":"http2 explained","author":"Leonid Mamchenkov","date":"May 7, 2014","format":"link","excerpt":"http2 explained - This document describes http2 at a technical and protocol level. Background, the protocol, the implementations and the future. Some highlights: The http2 spec is expected to ship in June 2014 (a month or two away!) 
http2 is heavily based on Google's SPDY http2 is binary http2 fixes\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":21462,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/04\/09\/the-heartbleed-bug\/","url_meta":{"origin":21768,"position":5},"title":"The Heartbleed Bug","author":"Leonid Mamchenkov","date":"April 9, 2014","format":false,"excerpt":"If you haven't heard about The Heartbleed Bug yet, here is your chance. \u00a0This page describes it nicely in not too technical detail. \u00a0Let's get a few quotes to get you started: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"heartbleed","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2014\/04\/heartbleed.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/21768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=21768"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/21768\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=21768"}],"wp:term":[{"taxonomy":"category"
,"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=21768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=21768"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=21768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}