SSL is an excellent protocol. Like many tools, it is effective if you know how to use it well, but it is also easy to misuse. If you are deploying SSL, there are many pitfalls to be aware of, but with a little work, most can be avoided. In this article, we discuss the seven most common pitfalls when deploying SSL-enabled applications with OpenSSL.. . .
SSL is an excellent protocol. Like many tools, it is effective if you know how to use it well, but it is also easy to misuse. If you are deploying SSL, there are many pitfalls to be aware of, but with a little work, most can be avoided. In this article, we discuss the seven most common pitfalls when deploying SSL-enabled applications with OpenSSL.

A common complaint about SSL (and its successor, TLS) is that it's slow. Yes, it's a lot slower than a traditional, unsecured TCP/IP connection. However, any inefficiencies that exist with SSL are a direct result of it providing adequate security. Nonetheless, this problem leads many people to avoid using SSL altogether.

Most of the inefficiencies in SSL occur at connection establishment. The actual encrypted data exchange isn't noticeably slow. Therefore, if your applications don't need to make more than a few dozen new connections per second, you shouldn't be worried about efficiency with SSL.

There are ways to boost the speed of SSL. One way is to use session caching, which removes the most expensive part of the connection process for those clients who have previously connected. Another way is to purchase cryptographic-acceleration hardware. OpenSSL supports most such hardware. Finally, it's possible to offload SSL connections to multiple machines using load balancing.