Distributing crypto work away from apache-ssl?
Hi!
As more and more users access our mail services through TLS/SSL, the CPU
load constantly grows. We already have multiple boxes for incoming
SMTP/submission, and moving stunnels serving POP3S to other boxes is
easy.
However I don't know what to do with the webmail, served by apache-ssl.
Is it possible to somehow move the crypto work to another host? Does
anyone have any experience with this? Would a simple stunnel (443->80)
be enough? AFAIK the webmail application itself does not care whether
it's accessed by http or by https, maybe except for self-referencing URL
creation - I'm not sure what part of URL it creates itself.
Marcin
PS: Yes, I know about the crypto accelerator cards, but they seem a
"bit" expensive :-/
--
Marcin Owsiany <marcin@owsiany.pl> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Reply to: