A lot of us have web and application servers which use plain TCP.

Some people have web along with other servers which use a safe and secure layer for example SSL.

My knowledge of SSL would be that the handshaking is extremely computationally intensive, and also the file encryption of the ongoing connection is (relatively) cheap.

My assumption that you should correct: a typical hosting box (and information on what's average at cloud hosting could be awesome too) might easy be anticipated to have the ability to saturate its network connections with AES-encoded packets, but have a problem carrying out a 1000 RSA handshakes per second. Client authentication with certificates is substantially more costly for that server than anonymous clients too.

What type of guidelines for the amount of session configurations per second for SSL exist?

Why don't you just measure? You'll have real amounts around the exact software and hardware that you're using. You will also have the ability to appraise the impact of alterations in the server infrastructure (adding more boxes, SSL accelerators, fine-tuning parameters, whoever else).

You're correct that you'd be challenged to get at a 1000 SSL handshakes per second on one box. Actually, I'd say it's most likely impossible. A couple of dozen per second, no problem. A 1000, not without lots of $$$.

It is also likely you don't actually need 1000 handshakes per second. That's quite a bit, and you'd already need a great deal of visitors to need something of that nature: Check this out: What do I need in SSL TPS Performance?

Keep in mind that normally you will not do new SSL handshakes constantly. Browsers perform the handshake once, and the bond open over numerous demands and/or page sights, so that your needs for handshakes per second might be reduced than you believe.

As Ville stated there's no real option then to give it a try in your configuration. Try not to undervalued the symmetric file encryption of information after creating a hyperlink. It may be less costly but when you will download lots of data within the encoded funnel of computer might be more expensive compared to initial settlement.

So with this you need to develop a common scenario for using your website after which stress test.