Performance Impact of kssl

One of the hidden gems of Solaris is the kssl feature. Long-time readers know this feature, as I wrote a tutorial about it. For the uninitiated: it’s an in-kernel SSL proxy. Why should you put this in the kernel? Well, especially when you use an SSL accelerator, you have to jump from user space to kernel space and back several times, as the SSL library (e.g. OpenSSL) is in user space and the driver for the card is in kernel space. That jumping costs you a lot of time.

There is an interesting article about WebLogic SSL performance in the BestPerf blog. If you just want to take one thing out of this whole article, look at the red and the blue lines in the first chart: red is the system configured to provide SSL via kssl, blue is the system configured to provide SSL via WebLogic itself. Both systems are using the SSL hardware. I don’t know what you would call it, but the difference is pretty significant. A good example of why kssl is such a nice tool. And it’s just there in Solaris 10.