You can improve SSL performacne by enabling kernel-mode Secure Sockets Layer (SSL). Kernel-mode SSL improves performance by allowing encryption and decryption to take place in the kernel where processing is done faster.
Windows Server 2003 Service Pack 1 allows you run SSL in kernel mode instead of the default, user mode. By running SSL in Kernel mode, SSL is allowed to operate in the core address space (aka the kernel) of Windows 2003 which will increase performace by reducing the amount of transistions between user and kernel modes. Now before you jump in and make the change, there are a few things you need to be aware of! Kernel mode SSL does not support:
- Client certificates
- RC2 ciphers
- PCT 1.0 protocol is not supported
- Bulk encryption offload
- ISAPI GetServerVariable calls for certificate information
Also you should know that any configuration changes you make to the server certificate(s) will require a restart of the HTTP service. Finally, there are also issues with ISAPI and IIS 5.0 compatability mode. You should test the changes in a lab enviroment before enabling this on your production web servers. To configure SSL to run in kernel mode, open the registry for editing and drill down to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
Create a new REG_DWORD called EnableKernelSSL and give it a value of 1. Close the registry editor and then run IISReset from a command prompt to restart IIS.