O'Reilly logo

Professional Microsoft IIS 8 by Benjamin Perkins, Dennis Glendenning, Scott Forsyth, Jeff Cochran, Kenneth Schaefer

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing a Website with TLS

TLS uses X.509 certificates and asymmetric (public/private) key cryptography to establish the identity of the server (or client) and, subsequently, symmetric encryption to traffic securely between the client and server. A handshake between the server and client is used to set up a secure session between the two machines. If at any point during the handshake a failure occurs, then either the session is not established or, in the case of recoverable errors, the user is warned of a potential issue and must manually choose to continue with the establishment of the session.

Note
Since Windows Server 2003 SP1, administrators have been able to use kernel mode SSL, using functionality provided by ksecdd.sys. This significantly cuts the processing overhead involved in negotiating an SSL/TLS connection and in maintaining it during the session. When using kernel mode SSL/TLS, the overhead is approximately 10 percent of capacity to service requests. Because the SSL/TLS handshake process is far more computationally intensive than the communication afterward, the greater the number of shorter sessions, the greater is the impact on a server's performance.

The SSL/TLS Handshake

The process by which a client and a server establish a secure connection is known as the SSL/TLS handshake. The handshake involves the verification of the server's identity (authentication) by the client, as well as a mutual agreement between the client and server as to what encryption ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required