Is there any recommendation or limit to the number of IPs one can bind to a website in IIS7? I have a website that is bound to several IPs (each has it's own SSL certificate) and it seems like the SSL processing on it is becoming really slow
A:
SSL has a cost in the handshake, and another cost in the actual data encrypting. So each new connection has a fixed cost component, and then a cost that is proportional to the length of the data sent.
You can design your sites to minimize the amount of content that needs encrypting, for example by mixing in unsecured content (provide images over non-encrpyted links). (sometimes generates prompting in browsers, but users always seem to ignore this and all the big websites use this trick). You can also try to make maximum use of keep-alive connections, although this is something browsers ought to handle fairly automatically.
Ultimately SSL is substantially more computationally intensive than normal web page serving, and thats why there is a whole SSL accelerator card market! If you need to do buckets of SSL, consider buying an accelerator.
Will
2009-05-05 09:30:54