System Administration Guide: Network Services

Web Servers Using the Secure Sockets Layer Protocol

In the Solaris 10 6/06 release, an Apache 2.0 and a Sun Java System Web Server may be configured to use the Secure Sockets Layer (SSL) Protocol. The protocol provides confidentiality, message integrity and end point authentication between two applications. The Solaris kernel has been changed to accelerate the SSL traffic.

The SSL kernel proxy implements the server side of the SSL protocol. The proxy offers better SSL performance for server applications, like web servers, over applications using user-level SSL libraries. The performance improvement may be as high as +35% depending on the workload of the application.

The SSL kernel proxy supports the SSL 3.0 and TLS 1.0 protocols, as well as most common cipher suites. See the ksslcfg(1M) man page for the complete list. The proxy can be configured to fallback to the user-level SSL server for any unsupported cipher suites.

The following procedures show how to configure servers to use the SSL kernel proxy: