Xifax

Reputation: 71

Server-to-server communications using cURL, HTTPS POST

I'm implementing server to server communications that should (probably) look like this:

client (web browser) <--> (web app) server (service client) <--> (service app) central server

Some of the client requests are processed locally and some are performed as remote service calls (not RPC). A request to the central server is formatted as an HTTPS POST and then sent using cURL; the server replies with an appropriate JSON message.

The problem is, I'm using HTTPS and it takes some additional time for certificate verification each time a service query is performed. It's possible to re-use the cURL handle and send a 'keep-alive' connection header, but... In the current MVC implementation, each new client request results in a new instance of the web app (and corresponding service client), meaning the handle is re-initialized and the HTTPS connection is established anew.

So, the following questions arise:

  1. Is there some way to speed up such HTTPS requests? E.g., somehow bypass verification after the first successful connection?
  2. May I forgo HTTPS (specifically, its time-consuming certificate check procedure) and encrypt/decrypt POST and JSON on my own (for example, using mcrypt) in conjunction with some authorization method (Diffie-Hellman)?
  3. Am I doing something completely wrong and should immediately stop?

Thank you!

Upvotes: 4

Views: 1501

Answers (2)

Arnaud Le Blanc

Reputation: 99879

Did you measure the overhead of the HTTPS connection? Is it really significant?

If you would like to avoid doing the handshake for each request, you could try setting up a persistent secured connection between the server and the central server.

You could do that with an SSH tunnel, a VPN, etc.

Edit: A local reverse HTTP proxy that maintains a keep-alive connection on the central server would be an option too.

Upvotes: 1

Treffynnon

Reputation: 21553

  1. Batch the requests up in a queue and send them x number at a time if it is possible
  2. You could send an authorisation key with the request that only the server and central server could possibly know how to assemble. But that would leave your actual data in plain sight, which may or may not be a problem.
  3. Not that I can immediately see

Upvotes: 0
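
The "authorisation key" idea from point 2 of the answer above is commonly implemented as an HMAC over the request. The following is an added example, not code from the question or either answer; the shared key, the timestamp field, the 300-second window and the function names are all assumptions. It gives authenticity and integrity only, so the POST body remains readable in transit, as the answer notes.

```php
<?php
// Added example. SHARED_KEY, MAX_SKEW and both function names are hypothetical.
const SHARED_KEY = 'constructed-demo-key-not-for-production'; // constructed sample value
const MAX_SKEW   = 300; // seconds a signed request is accepted for

// Web app server: sign timestamp + body with the key both servers hold.
function sign_request(string $body, int $timestamp, string $key): string
{
    return hash_hmac('sha256', $timestamp . "\n" . $body, $key);
}

// Central server: reject stale timestamps, then compare in constant time.
function verify_request(string $body, int $timestamp, string $signature,
                        string $key, int $now): bool
{
    if (abs($now - $timestamp) > MAX_SKEW) {
        return false; // outside the accepted time window
    }
    $expected = sign_request($body, $timestamp, $key);
    return hash_equals($expected, $signature); // avoids timing leaks of ==
}

// Constructed sample request, signed by the web app server.
$body = json_encode(['action' => 'get_balance', 'account' => 42]);
$ts   = 1700000000;
$sig  = sign_request($body, $ts, SHARED_KEY);

// Case 1: unmodified request arriving 10 seconds later.
var_dump(verify_request($body, $ts, $sig, SHARED_KEY, $ts + 10));

// Case 2: body altered in transit, signature left unchanged.
$tampered = str_replace('42', '43', $body);
var_dump(verify_request($tampered, $ts, $sig, SHARED_KEY, $ts + 10));

// Case 3: same request presented an hour later.
var_dump(verify_request($body, $ts, $sig, SHARED_KEY, $ts + 3600));

// Case 4: verifier configured with a different key.
var_dump(verify_request($body, $ts, $sig, 'some-other-key', $ts + 10));
```

Only the first case verifies. The timestamp narrows the replay window but does not close it: within those 300 seconds a captured request can be resent unless the central server also tracks a per-request nonce.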
