October 2010

Firesheep killed HTTP. Long Live HTTPS With Free SSL Acceleration, Courtesy of SPARC/Solaris!

SPARC_T3.jpg

Before we continue our little Performance Analysis Series, let's look at some current news:

The Bad News: HTTP is dead. Get over it. The killer? It's called Firesheep, a free Firefox extension that makes it trivially easy for that kid sitting next to you in that Wifi hotspot to steal your Facebook, Twitter or other web services' identity.

The Victims: The first line of victims are of course millions of unsuspecting users that are sitting in WLAN areas, not knowing that their web identities can be stolen at the click of the button. But the real victims are hundreds, if not thousands of website owners, starting with the who-is-who of web companies, who are now (rightly so) faced with the challenge of upgrading their web infrastructure to HTTPS as soon as possible, preferably overnight.

The Good News: Adding encryption to your web servers used to be an additional burden on the CPU, negatively impacting performance by as much as 2-3x. Fortunately, the new SPARC T3 processors enable you to switch SSL encryption on for your web applications, without any performance impact. This is possible through built-in encryption engines at the core level. And thanks to the Oracle Solaris Cryptographic Framework, it's easy to take advantage of hardware encryption for any application that needs it.

Wanna learn more? Read on!