mkhong

performance degradation with https (vs http) in Domino R5

We use Domino web server R5. In a web application with plenty of graphics, we experience severe performance degradation when using https (compared to http).

One theory is that the SRC attribute (in the HTML) for the graphic/icon requires the browser to get each of the gif/jpeg files from the web server, and with https in Domino R5, each new request needs to be authenticated?! because R5 (and R6) does not support "keep-alive" requests. Is that the reason?

Can https be made to work with respective response time in R5/R6?
qwaletee

R5 and R6 are full HTTP/1.1 stacks supporting keep-alive.  However, see these complete threads:

http://notes.net46dom.nsf/-/5d9cfb8ee43514cd85256a220054385b

http://notes.net/nd6forum.nsf/-/dd09d2474a9427ed85256dc700452c65

SSL creates a lot of overhead so it's normal that you will experience worse performance than with http. I don't really think this has anything to do with keep-alive or not (I think it's not a new authentication), but with encrypting the data each time. Furthermore, because proxies don't cache the data, you could expect a lot more requests for the same data over and over.

You could move the images to a non-ssl database, so they can be cached and proxied, and don't need to be encrypted.

cheers,

Tom

Bozzie,

No, there is a huge performance hit for using single-object-per-request. Each SSL session has a lot of handshaking needed to establish the session. If I have a page containing text and three images, then with Keep-Alive, I only have to set up one session. If I close the connection for the text, and have to open a second for the first image, and repeat it for the other two, I end up negotiating three extra SSL sessions. Plus, with Keep-Alive, I can pipeline the commands, so the server can theoretically start processing and encrypting the images before it is even finished sending the text. Without this, the browser can't just give the three image requests in a row without pause -- it has to wait for all the session negotiation to take place before even requesting each image, then there is the pause while the image is retrieved and encrypted.
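
The text-plus-three-images case from the post above can be checked from response headers. This is an added example, not code from the thread: it applies the standard HTTP persistence rules (HTTP/1.1 persists unless `Connection: close`, HTTP/1.0 only with `Connection: keep-alive`, and the body must be self-delimiting) to constructed response heads and counts how many connections, each needing its own SSL handshake, a sequential page load would take. Function names and sample responses are assumptions for illustration.

```python
# Added example: the response heads below are constructed, not captured from Domino.
KEEP = "HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: 1024\r\n\r\n"
CLOSE = "HTTP/1.1 200 OK\r\nContent-Length: 1024\r\nConnection: close\r\n\r\n"
OLD = "HTTP/1.0 200 OK\r\nContent-Type: image/gif\r\n\r\n"  # no length, no keep-alive


def parse_head(raw):
    """Split a raw response head into (http_version, lowercased header dict)."""
    lines = raw.strip().split("\r\n")
    version = lines[0].split()[0]              # e.g. "HTTP/1.1"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip().lower()
    return version, headers


def stays_open(raw):
    """Return True if the connection can be reused after this response.

    Simplification: every response is assumed to carry a body (no 204/304).
    """
    version, h = parse_head(raw)
    tokens = {t.strip() for t in h.get("connection", "").split(",") if t.strip()}
    if "close" in tokens:
        return False
    # Without a length or chunking, the server marks end-of-body by closing.
    framed = "content-length" in h or "chunked" in h.get("transfer-encoding", "")
    if not framed:
        return False
    if version == "HTTP/1.1":
        return True                            # persistent by default
    return "keep-alive" in tokens              # HTTP/1.0 must opt in


def handshakes_needed(response_heads):
    """Count connections (one SSL handshake each) for sequential requests."""
    count, open_conn = 0, False
    for raw in response_heads:
        if not open_conn:
            count += 1                         # new TCP connection + SSL setup
        open_conn = stays_open(raw)
    return count


if __name__ == "__main__":
    for label, head in (("keep-alive", KEEP), ("close", CLOSE), ("HTTP/1.0", OLD)):
        print(label, handshakes_needed([head] * 4))   # text page + three images
```

Feeding it the real response heads from a server (for example, saved from a browser's network panel) shows whether reuse is actually being offered on the https port.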
mkhong

ASKER

Thanks qwaletee & Bozzie for your feedback.

qwaletee, your comment indicated that Keep-Alive will pipeline commands in an SSL session and so should improve performance.

Earlier you also indicated "R5 and R6 are full HTTP/1.1 stacks supporting keep-alive". Is keep-alive available for https (SSL session)?

Of the 2 links that you provided, the 1st one appeared not to be available anymore, while the 2nd one refers to a caching problem with images in R6. Have you experienced similar performance issues in R6?

The problem we experience with images is in R5 at this stage.

Sorry, dropped a slash from the first one:


http://notes.net/46dom.nsf/-/5d9cfb8ee43514cd85256a220054385b

http://notes.net/nd6forum.nsf/-/dd09d2474a9427ed85256dc700452c65

As far as I know, the HTTP session is a level 7 session, while SSL operates at level 6 or level 5. It should allow keep-alive.

Sometimes your logging settings in the http section of the server document would affect the response time too. Disable it!


~Hemanth

C'mon, off topic. He really wants to know specifically about getting Keep-Alive to work.

Overlooked that part.

Yes, Domino doesn't support keep-alive. One way that you can get over this in R5 is by using the "Maximum requests over a single connection" parameter in the IP tab. Whereas R6 supports keep-alive, and these settings are not honored.

In your case probably https is the overhead. Why do you need an ssl connection for image files? The best way is to place your image files under the icons directory of Domino, which bypasses ssl for this directory!

Max. requests is a control on keep-alive, not independent of keep-alive, and Domino does have some issues with it. There is a workaround by changing httpd.cnf -- see my first post -- but I have never been motivated enough to try it ;)

I don't know if that's appropriate. I believe there is a genuine limitation of Notes that mkhong found and documented, and is asking if there's anyone who has better expertise on the subject, and might have something better than he does.

And the answer is, no, mkhong is at least as good in this topic as every expert who chimed in.

So, PAQ with refund seems appropriate to me.