Open Access Open Access  Restricted Access Subscription or Fee Access

Improving SSL Server Performance While Preventing DOS Attack Using Reverse SSL with Client Puzzle

Dr. R. K. Pateriya, S. C. Shrivastava, Neetu Agrawal


Secure communication is an intrinsic requirement of today’s world of on-line transactions. SSL and its variant TLS are most widely acceptable protocol to create secure connection between the client/server communicating applications. Although SSL provides confidentiality, integrity of data and authentication of the communicating parties but imposes overhead on web server to perform costly cryptographic operations. Therefore it degrades the secure server performance compare to an insecure web server. Moreover an attacker can take dvantage of this overhead and can run automated scripts to generate bulk of requests, each request requires server to perform some costly computation therefore cause denial of service attack on server. So DOS makes highly desirable to improve performance of the SSL handshakes. This paper focuses on Reverse SSL approach with client puzzle to improve server performance.Reverse SSL is an extension of SSL that alleviate the performance cost at server by exchanging role of client and server. Reverse SSL combined the client puzzle to prevent DOS attack. The purpose of paper is to show how the Reverse SSL with client puzzle can be implemented using openssl library and how it improves server performance while preventing the DOS attack.


Security, SSL/TLS, Server performance, DOS,Reverse SSL, Client Puzzle

Full Text:



Claude Castelluccia and Einar Mykletun and Gene Tsudik, Improving Secure Server Performance by Rebalancing SSL/TLS Handshakes,Accepted to AsiaCCS 2006

Cristian Coarfa, Peter Druschel, and Dan S. Wallach, Performance Analysis of TLS Web Servers, ACM Transactions on Computer Systems, Vol. 24, No. 1, February 2006

D. Dean and A. Stubblefield, “Using Client Puzzles to Protect TLS,” Proceedings of the USENIX Security Symposium, 2001Kemal

Kemal BICAKCI, Bruno CrispoAndrew, S. Tanenbaum, Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes

Stephen Fewer, SSL: A discussion of the Secure Socket Layer, Harmony Security 2007

Vipul Gupta, Sumit Gupta, Sheueling Chang, Performance Analysis of Elliptic Curve Cryptography for SSL WiSe’02, September 28, 2002,Atlanta, Georgia, USA

Vipul Gupta, Douglas Stebila, Stephen Fung, Sheueling Chang Shantz,Nils Gura, Hans Eberle, Speeding up Secure Web Transactions Using Elliptic Curve Cryptography, In proceedings of Network and Distributed System Security Symposium NDSS 2004, Internet Society 2004.

Openssl library, website:

Shamima Rahman ,Tuan Anh Nguyen ,T. Andrew Yang Developing Certificate-based Projects for Web Security Classes .

Homin K. Lee, Tal Malkin, Erich Nahum Cryptographic Strength of SSL/TLS Servers: Current and Recent Practices.

Eric Rescorla RTFM, Inc. Version 1.0: October 5, 2001] An Introduction to OpenSSL Programming (Part I)

Eric Rescorla RTFM, Inc. Version 1.0: Janurary 9, 2002 An Introduction to OpenSSL Programming (Part II)

Vicen c Beltran, Jordi Guitart, David Carrera, Jordi Torres, Eduard Ayguad´e and Jesus Labarta, ], Performance Impact of Using SSL on Dynamic Web Applications, XV jornadas de paralelismo—almeria,septiembre 2004.

Hovav Shacham, Dan Boneh, and Eric Rescorla, Client-Side Caching for TLS, ACM Transactions on Information and System Security, Vol. 7, No.4, November 2004

Ncipher’s SSL Accelerators


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.