
Windows Server 2003 SP1 SSL Improvements

SP1 is really an interesting service pack… not only does it do the job of a normal service pack (aggregating updates), it also incorporates added functionality like the Security Configuration Wizard and Post-Setup Security Updates.

But this is something you don't hear too much when talking service packs: increased performance… but 'tis true. There are a few areas in the service pack where this term is realized, but I think the SSL performance is pretty cool – to the tune of a 50% increase.

So, exactly how did SSL get improved in SP1 you ask?

The biggest improvement to SSL is its new ability to run in kernel mode. This removes the ~11 user-mode round trips for an SSL handshake, and because the session secrets are now cached (securely), no user-mode contact is required after the handshake.

But here is the trick… SP1 doesn't automatically switch SSL into kernel mode when you install it. This is something that needs to be done by the administrator. (We did this for compatibility reasons, as kernel-mode SSL doesn't support SSL 2.0.) To switch to kernel-mode SSL you need to add the following registry value:

HKLM\System\CurrentControlSet\Services\HTTP\Parameters\EnableKernelSsl = (DWORD)1

After that… do a quick net stop http & net start http and kernel mode will be used transparently.
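The two steps above as a single batch file, an added example that is not part of the original post. It records the previous setting, verifies the write before restarting anything, and lists the services that depend on HTTP, because stopping HTTP stops them as well. Restarting W3SVC afterwards is an assumption that IIS is the dependent service on this machine.

```bat
@echo off
rem Added example: enable kernel-mode SSL, then restart HTTP. Run as Administrator.
setlocal
set KEY=HKLM\System\CurrentControlSet\Services\HTTP\Parameters

rem Show the current setting, if any, so the change can be reverted later.
reg query "%KEY%" /v EnableKernelSsl 2>nul || echo EnableKernelSsl is not set yet.

rem Write the DWORD value described in the post.
reg add "%KEY%" /v EnableKernelSsl /t REG_DWORD /d 1 /f || goto :fail

rem Confirm the value reads back as 0x1 before touching any services.
reg query "%KEY%" /v EnableKernelSsl | find "0x1" >nul || goto :fail

rem List services that depend on HTTP; "net stop http" takes them down too.
sc enumdepend http

rem /y answers the dependent-services prompt so the script does not block.
net stop http /y
net start http || goto :fail

rem Assumption: IIS (W3SVC) is the dependent service that must come back up.
rem "net start http" alone does not restart services stopped as dependents.
net start w3svc

echo Kernel-mode SSL enabled.
exit /b 0

:fail
echo Failed to enable kernel-mode SSL. 1>&2
exit /b 1
```

Since kernel-mode SSL does not support SSL 2.0, confirm that no clients still depend on SSL 2.0 before running this on a production server.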

It sure has been an electric few weeks over here in the Windows Server group. Now that the SP1 and x64 code is complete, we can start focusing on our other big projects this year… mainly R2 and Longhorn. If you check out the site, you will see that we have expanded the categories to include R2, SBS, Longhorn, etc. – each with their own feed.

– Ward Ralston