|
Lars Marowsky-Bree wrote:
> > > Now, SSL carries a "session id" which identifies all requests from a
> > > browser. This can be used to separate the multiple SSL sessions, even if
> > > comeing in from one big proxy and load balance them.
> > OK
>
> But like I said: really hard to get working, and even harder to get right ;-)
>
> (At least I think so)
>
No, not really! As I know, the PCC (Persistent Client Connection) scheduling
in the VS patch for kernel 2.2 can solve connection affinity problem in SSL.
When a SSL connection is made (crypted with server's public key), port 443
for secure Web servers and port 465 for secure mail server, a key (session id)
must be generated and exchanged between the server and the client. The later
connections from the same client are granted by the server in the life span of
the SSL key.
So, the PCC scheduling can make sure that once SSL "session id" is exchanged
between the server and the client, the later connections from the same client
will be directed to the same server in the life span of the SSL key.
However, I haven't tested it myself. I will download ApacheSSL and test
it sometime. Anyone who have tested or are going to test it, please let
me know the result, no matter it is good or bad. :-)
Thanks,
Wensong
|
