performance degradation with https (vs http) in Domino R5

We use Domino web server R5. In a web application with plenty of graphics, we experience severe performance degradation when using https (compared to http).

One theory is that the SRC attribute (in the html) for the graphic/icon requires the browser to get each of the gif/jpeg file from the web server and with https in Domino R5, each new request needs to be authenticated ?! because R5 (and R6) does not support "keep-alive" requests. Is that the reason ?

Can https be made to work with respective response time in R5/R6 ?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

R5 and R6 are full HTTP/1.1 stacks supporting keep-alive.  However, see these complete threads:

Bozzie4IT ArchitectCommented:
SSL creates a lot of overhead so it's normal that you will experience worse performance than with http.  I don't really think this  has anything to do with keep-alive or not (I think it's not a new authentication), but with encrypting the data each time.  Furthermore, because proxies don't cache the data, you could expect a lot more requests for the same data over and over.

You could move the images to a non-ssl database, so they can be cached and proxied, and don't need to be encrypted.



No, there is a huge performace hit for using single-object-per-request.  Each SSL session has a lot of handshaking needed to establish the session.  If I have a page containing text and three images, then with Keep-Alive, I only have to set up one session.  If I close the connection for the text, and have to open a second for the first image, and repeat it for the other two, I end up negotiating three etra SSL sessions.  Plus, with Keep-Alive, I can pipeline the commands, so the server can theoretcally start processing and encrypting the images before it is even finished sending the text.  Without this, the browser can't just give the three image reuqests in a row without pause -- it has to wait for all the session negotiation to take place before even requesting each image, then there is the pause while the image is retrieved and encrypted.
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

mkhongAuthor Commented:
thanx gwaletee & Bozzie for your feedback.

gwaletee, your comment indicated that Keep-Alive will pipeline commands in an SSL session and so should improve performance.

earlier you also indicated "R5 and R6 are full HTTP/1.1 stacks supporting keep-alive", is  keep-alive available for https (SSL session) ?

Of the 2 links that you provided, the 1st one appeared not to be available anymore, while the 2nd one refers to caching problem with images in R6. Have you experience similar performance issue in R6 ?

The problem we experience with images is in R5 at this stage.

Sorry, dropped a slash form the first one:

As far as I know, the HTTP session is a level 7 session, while SSL operates at level 6 or level 5.  It should allow keep-live.
Sometimes your logging settings in http section of the server document would affect the response time too..Disable it !

C'mon, off topic.  He really wants to know specifically about getting Keep-Alive to work.
Overlooked that part.

Yes,Domino doesn't support keep-alive. One way that you can get over in R5 is by using  "Maximum requests over a single connection" parameter in IP tab. Wheras R6 supports keep-alive, and this settings are not honored.

In your case probably https is the overhead.. why do you need ssl connection for image files...Best way is to place your image files under icons directory of domino..which bypass ssl for this directory !
Max. requests is a control n keep-alive, not independent of keep-alive, and Domino does has some issues with it.  There is a workaround by changing httpd.cnf -- see my first post -- but I have never been motivated enough to try it ;)
I don't know if that's appropriate.  I believe there is a genuine limitation of Notes that mkhng found and documented, and is asking if there's anyone who has better expertise on the subject, and might have something better than he does.

And the asnwer is, no, mkhong is at least as good in this topic as every expert who chimed in.

So, PAQ with refund seems appropriate to me.
PAQed with points refunded (250)

Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.