Solved

Web server SSL Overhead

Posted on 2010-11-10
3
702 Views
Last Modified: 2012-05-10
Hello All,

I'm building a very high volume web site which needs to be as lean and mean as possible.  The site will be sustained by advertising so it needs to be very efficient.  What kind of performance overhead is accepted by using SSL protection?  How much more server memory, CPU, and bandwidth will be consumed if I use SSL for each user's session?

(I'm using IIS7 configured as a web farm; via SQL Server state management)
0
Comment
Question by:Phil5780
3 Comments
 
LVL 25

Accepted Solution

by:
Rouchie earned 250 total points
ID: 34109657
This question gets asked quite frequently, but unfortunately the figures vary depending on the nature of the site.  Some people estimate that HTTPS is approximately 10 times slower than HTTP, however, this delay is caused by the initial handshake process (when the client and server exchange encryption data) rather than the transfer of files.

This site http://stackoverflow.com/questions/149274/http-vs-https-performance recommends that you create the site then use a profiler tool to check the resource usage (first with HTTP, then HTTPS).

I run a very large web application that is entirely delivered using HTTPS.  I can't say I've really noticed any difference is resource usage, or speed, although I am sure there is some to a degree.

Does your entire app need to use HTTPS, or can you switch to HTTPS for particular elements such as login, account admin, payment?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 34111030
Bandwidth, I am assuming you are talking network, is not really effected by SSL.  

CPU, the big hit in CPU is (as Rouchie stated) the initial handshake.  The overhead of doing the actual encryption/decryption is not that much and depends on the same of the pages. So it depends on how many SSL connections you are going to be doing.  When you read about SSL transactions per second this is typically referring to SSL handshakes per second,  not the number of "https" hits.

Memory usage will vary.  It depends on the size of the pages (actually the individual files that make up the pages) you are serving.  Since you need to hold the page in memory twice for a small time period memory utilization will increase.  However, since most files are small it should not matter that much.


Going down the path Rouchie started, only encrypt what you must.  In fact since the site will be sustained by advertisements, I would suggest that if possible the adds are served up by a server other than the app server and none of the ads should be encrypted.  Now if the page is encrypted this will cause the dreaded "mixed" content messages.
0
 

Author Closing Comment

by:Phil5780
ID: 34160502
SSL is unnecessary then for my site.  It just add unnecessary security for data that's just not that important.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now