Beginning with Service Pack 1 of Windows 2003 Server, most SSL processing (request and response encryption and decryption) can be done in kernel mode, rather than in user mode (pre SP1). I haven't seen a lot of discussion on this feature, though it is mentioned in the http.sys SP1 changes document on the Microsoft website. Enabling this feature, allows for a 10-20% performance improvement in handling SSL requests.

I've put together a short article examining the changes that occur when kernel mode SSL is enabled. Comments are more than welcome!