soymanue
Jan 14, 2010Nimbostratus
Performance with SSL Server Offload
Hello
We haved changed Linux LVS for LTM to balance or SSL Apache Servers. During the migration, we have also installed the public SSL certificates in
the LTMs to offload the Apaches, and we're are using internal certificates between the LTM and the Apaches.
Since that, the measure of times to open the main page is quite worse than it used to be.
After activating oneconnect profile with 255.255.255.255 mask, the performance has improved, but is still quite worse that it used to be.
With an sniffer, the captures show that it looks as if certificate ciphering is continuously:
Client Key Exchange. Chage Cipher Spe, Encrypted Handshake Message
If the ssl profile and certificate are removed from the LTM, the sysmem behaves as it used to be. Ciphering is negotiatend at the beginning of the session.
The LTM negotiates SSLv3 with client, when it has the certificate. The Apache serves negotiates TLS1