Windows Server 2003 SP1 SSL Improvements

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>, "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 13 Apr 2005 16:29:14 -0400

Anyone tested this?  And did anyone bloody-well know about it? LOL
"Windows Server 2003 SP1 SSL Improvements
posted Monday, April 04, 2005 5:14 PM by WindowsServer

SP1 is really an interesting service pack.....  not only does it do
the job of a normal service pack (aggregating updates) it also
incorporates added functionality like the Security Configuration
Wizard and Post-Setup Security Updates.

But this is something you dont hear to much when talking service
packs: increased performance....but tis true. There are a few areas in
the service pack that this term is realized, but I think the SSL
performance is pretty cool - to the tune of a 50% increase.

So, exactly how did SSL get improved in SP1 you ask? 

The biggest improvement to SSL is in it's new ability to run in Kernel
Mode.  This removed the ~11 user-mode round trips for an SSL handshake
and by now caching the sessions secrets (securely), no user mode
contact is required after the handshake.

But here is the trick...SP1 doesnt automatically switch SSL into
kernel mode when you install SP1.  This is something that needs to be
done by the administrator. (We did this for compatability reasons as
kernel mode SSL doesnt support SSL 2.0)  To switch to SSL Kernel mode
you need to add the following registry key:

HKLM\System\Current Control
Set\Services\HTTP\Parameters\EnableKernelSsl = (DWORD)1

After a quick net stop http & net start http and Kernel Mode
will be used tranparently.

It sure has been an electric few weeks over here in the Windows Server
group.  Now that the SP1 and x64 code is complete, we can start
focusing on our other big projects this year.....mainly R2 and
Longhorn.  If you check out the site, you will see that we have
expanded the categories to include R2, SBS, Longhorn, etc. - each with
their own feed.

- Ward Ralston"

Other related posts:

  • » Windows Server 2003 SP1 SSL Improvements