

SSL Performance Case Study - sweis
https://insouciant.org/tech/ssl-performance-case-study/

======
jackalope
Maybe it's the wording, but I find the recommendations to be a bit unclear and
not entirely faithful to the linked Adam Langley article on "overclocking
SSL". Here is how I've come to understand some of the issues related to SSL
optimization:

1. Provide all and _only_ the necessary certificates for the chain.

2. Avoid concatenated certificates if you can provide only one certificate
for each step of the chain. For example, specify SSLCertificateFile,
SSLCertificateChainFile, and SSLCACertificateFile when using Apache httpd,
with each one pointing to a single file containing a single certificate. If
each directive points to the same concatenated certificate (a common
configuration), you're incurring unnecessary overhead and are likely to
produce some of the same errors mentioned in the article.

3. The BEAST attack helped spotlight the fact that RC4 is not only safe for
SSL, it's extremely fast and cheap compared to other ciphers. Until that is
disproven, configure your server to show a preference for RC4.

I'll be the first to admit that some of the finer points in this field go
whoosh! over my head, but hopefully these minor observations will complement
the article for fellow head-scratchers. If any of my assumptions are wrong,
please feel free to point out and explain my errors.
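
Added example, not part of jackalope's comment or the linked article: a Python check for point 1 that reads the PEM bundle a server would send (leaf first) and flags a self-signed root or a certificate that does not issue the one before it. The sample certificates are constructed skeletons with no keys or signatures, and every function name here is this example's own.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):  # read one DER TLV header; return (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, p, _ = tlv(der, 0)          # Certificate SEQUENCE
    _, p, _ = tlv(der, p)          # TBSCertificate SEQUENCE
    fields = []
    while len(fields) < 5:         # serial, sigAlg, issuer, validity, subject
        tag, _, end = tlv(der, p)
        if tag != 0xA0:            # skip the optional [0] version wrapper
            fields.append(der[p:end])
        p = end
    return fields[2], fields[4]

def audit_bundle(pem_text):
    """Return (certificate count, findings) for a served PEM bundle, leaf first."""
    certs = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    findings = []
    for i in range(1, len(certs)):
        issuer, subject = certs[i]
        if issuer == subject:      # a root the client must already hold in its trust store
            findings.append(f"cert {i}: self-signed root, sending it only adds bytes")
        if certs[i - 1][0] != subject:
            findings.append(f"cert {i}: is not the issuer of cert {i - 1}")
    return len(certs), findings

# Constructed samples: minimal DER skeletons (names only), not real certificates.
def seq(tag, *parts):
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)  # short-form length only
def name(cn):
    return seq(0x30, seq(0x31, seq(0x30, b"\x06\x03\x55\x04\x03", seq(0x0C, cn.encode()))))
def fake_cert(issuer, subject):
    tbs = seq(0x30, seq(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", seq(0x30),
              name(issuer), seq(0x30), name(subject))
    b64 = base64.b64encode(seq(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

LEAF = fake_cert("Constructed Intermediate CA", "leaf.example")
INTERMEDIATE = fake_cert("Constructed Root CA", "Constructed Intermediate CA")
ROOT = fake_cert("Constructed Root CA", "Constructed Root CA")
```

`audit_bundle(LEAF + INTERMEDIATE)` returns no findings, while appending `ROOT` yields one finding for the unnecessary root.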

