I need to set up a scalable backend infrastructure for a mobile app. Connections to the API need to be SSL encrypted. To achieve a simple, scalable solution, I don't want to terminate SSL at the load balancers. So my options are to terminate it at the app/web servers or in a separate termination layer. No problems so far.
As we know, the SSL handshake takes a few round trips, which unfortunately causes latency. A common solution for this is to cache the SSL sessions. But to keep the stack scalable and load balanced, I don't want to use session stickiness and want to keep my servers stateless. So I need to use a central/distributed SSL session cache, but the options are limited as far as I know.
Some options I know of:
- NGINX as SSL terminator with memcached session cache (http://hezmatt.org/~mpalmer/blog/2011/06/28/ssl-session-caching-in-nginx.html).
- Stunnel as SSL terminator with sessiond as session cache (https://www.stunnel.org/sessiond.html)
- Apache as SSL terminator with distcache as session cache (distcache.sourceforge.net/)
But these options are all outdated and/or under-documented. Are there any solutions I don't know of, or recommendations for a scalable and fast SSL termination process?