[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Distributing crypto work away from apache-ssl?



Hi!

As more and more users access our mail services through TLS/SSL, the CPU
load constantly grows. We already have multiple boxes for incoming
SMTP/submission, and moving stunnels serving POP3S to other boxes is
easy.

However I don't know what to do with the webmail, served by apache-ssl.
Is it possible to somehow move the crypto work to another host? Does
anyone have any experience with this? Would a simple stunnel (443->80)
be enough? AFAIK the webmail application itself does not care whether
it's accessed by http or by https, maybe except for self-referencing URL
creation - I'm not sure what part of URL it creates itself.

Marcin
PS: Yes, I know about the crypto accelerator cards, but they seem a
"bit" expensive :-/
-- 
Marcin Owsiany <marcin@owsiany.pl>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216



Reply to: