<p>There are a couple different factors that influence SSL speed.</p>
<ol>
<li><p>Server load. You'll increase your server's CPU workload by encrypting all traffic. However, especially on modern hardware, this shouldn't result in a really noticeable difference except for very high traffic sites.</p></li>
<li><p>Key size of the symmetric encryption. This I assume is what you mean by decrease the encryption to 128 bit. Probably this is not a significant factor in the overall speed. You can benchmark openssl by running e.g. <code>openssl speed aes</code>. You'll probably find that AES 256 is not much slower than AES 128.</p></li>
<li><p>SSL handshake speed. The SSL handshake introduces several additional round trips between client and server that aren't needed in plain HTTP. This means that especially on high latency links it will be longer before you start getting any data from the server. To mitigate this, you can do a few different things:</p>
<p>a. Use a 2048 bit RSA private key. This is the currently recommended size as a tradeoff between security and speed. Larger keys will take longer to transfer between client and server, and will be marginally more CPU intensive. (See <code>openssl speed rsa2048 rsa4096</code>.)</p>
<p>b. Make sure you're using HTTP keepalive and SSL session resumption. HTTP keepalive will allow clients to reuse existing connections to the server for multiple requests, avoiding the need to set up the connection again. SSL session resumption lets the client and server use their previously agreed upon SSL parameters to start up new sessions more quickly, reducing the number of round trip packets required for a new request.</p></li>
</ol>
<p>It can be tricky to get the protection right when only some of your pages are served over SSL. You'll definitely want to serve the login form and the page it posts to over HTTPS. You should also set the <a href="http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly" rel="nofollow noreferrer">Secure</a> flag on session cookies, otherwise any plaintext communication with the server will contain the cookie and allow eavesdroppers to impersonate users' sessions.</p>
<p>But in general it's probably not worth the effort trying to figure out which pages need to be protected, given how easy it is to just encrypt everything. For best security, you should also be sure that you've set up your web server so that it passes the <a href="https://www.ssllabs.com/ssltest/index.html" rel="nofollow noreferrer">SSL Server Test</a> from Qualys SSL Labs.</p>
<p>Good benchmarking tools will probably depend on your platform. If you're on Linux, you might try the <code>ab</code> command which comes with Apache: <a href="http://en.wikipedia.org/wiki/ApacheBench" rel="nofollow noreferrer">http://en.wikipedia.org/wiki/ApacheBench</a>.</p>
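The Secure-flag point above, as an added example that is not part of the original answer: it models which cookies a browser attaches to a request on a site that serves only some pages over HTTPS, and reports session cookies that would travel in plaintext. The cookie names, the `example.test` host and the sample headers are constructed, and the browser model is simplified (it ignores Domain, Path and expiry matching).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie response headers (not captured from a real server).
SAMPLE_SET_COOKIE = [
    "sessionid=3f9a1c; Path=/; HttpOnly",        # session cookie, Secure missing
    "auth=c0ffee; Path=/; Secure; HttpOnly",     # session cookie, Secure set
    "theme=dark; Path=/",                        # harmless preference cookie
]

# Assumption: these names carry session or authentication state.
SESSION_NAMES = {"sessionid", "auth"}


def cookies_sent(set_cookie_headers, url):
    """Names of cookies a browser would attach to a request for `url`.

    Simplified model: only the Secure attribute is enforced.
    """
    scheme = urlsplit(url).scheme
    sent = []
    for raw in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            # A Secure cookie is withheld from any non-HTTPS request.
            if morsel["secure"] and scheme != "https":
                continue
            sent.append(name)
    return sent


def exposed_session_cookies(set_cookie_headers, session_names=SESSION_NAMES):
    """Session cookies that would appear in a plaintext HTTP request."""
    plaintext = cookies_sent(set_cookie_headers, "http://example.test/news")
    return sorted(n for n in plaintext if n in session_names)


if __name__ == "__main__":
    print("HTTPS page:", cookies_sent(SAMPLE_SET_COOKIE,
                                      "https://example.test/account"))
    print("HTTP page: ", cookies_sent(SAMPLE_SET_COOKIE,
                                      "http://example.test/news"))
    print("Session cookies exposed in plaintext:",
          exposed_session_cookies(SAMPLE_SET_COOKIE))
```
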