iNTERFACEWARE Products Manual > Installing and Using Iguana > Using Iguana > Creating a Channel > Iguana Performance and SSL Encryption |
|
Looking for Iguana v.5 or v.6? Learn More or see the Help Center.
If you are using the SSL protocol with any channel source or destination component that supports it, the SSL connections may consume a significant amount of processing time if the channels are repeatedly connecting to and disconnecting from the systems that are communicating with them. This is because the SSL protocol creates a shared secret key (also known as a session key) whenever a connection between two systems is established. This session key is encrypted/decrypted using asymmetric encryption, which is computationally expensive. The size of the private and public keys directly affects how expensive this operation is. After the session key has been successfully shared between the two systems using asymmetric encryption, the two systems subsequently use symmetric encryption with the session key to secure communications, which is much less computationally expensive. When a connection is dropped, the process of establishing the session key is initiated again. If SSL channels are repeatedly connecting to and disconnecting from outside systems, system performance may be noticeably affected. SSL channels that are configured to use a persistent connection should not cause a sustained drain on system resources, as symmetric encryption remains in use after the initial connection is established. If you notice that your Iguana server is consuming significant processor time and you are using SSL with a channel component, consider configuring the channel to use a persistent connection. Since the size of the public and private keys can have an effect on processor time use, an alternative to using a persistent connection is to use smaller private keys. However, this is not recommended, as smaller keys are less secure than those that are longer (2048 bits or more). |