Kernel Mode SSL in HTTPAPI 2.0

Win2k3 SP1 introduced kernel-mode SSL, which had great perf benefits over Win2k3, but the implementation was limited and required a restart of HTTP.sys to change the server certificate configuration. Hence it was not turned on by default. In Vista Beta 1 these limitations have been fixed with dynamic updates to configuration settings and support for client certificates. Previously, unparsed requests and formatted responses were pushed to a user-mode service for decryption and encryption. This overhead is saved by doing the encryption and decryption in kernel mode and eliminating the extra service. (One less service on Vista! Woohoo!) With the new API it is possible to bind certificates to IPv6 addresses. In SP1 this had to be done with wildcard IPv4 addresses.

 -- Narasimhan Venkataramaiah (narave)
