Solved

Web server SSL Overhead

Posted on 2010-11-10
Last Modified: 2012-05-10
Hello All,

I'm building a very high volume web site which needs to be as lean and mean as possible.  The site will be sustained by advertising so it needs to be very efficient.  What kind of performance overhead is accepted by using SSL protection?  How much more server memory, CPU, and bandwidth will be consumed if I use SSL for each user's session?

(I'm using IIS7 configured as a web farm; via SQL Server state management)
Question by:Phil5780
3 Comments
 
LVL 25

Accepted Solution

by:
Rouchie earned 1000 total points
ID: 34109657
This question gets asked quite frequently, but unfortunately the figures vary depending on the nature of the site.  Some people estimate that HTTPS is approximately 10 times slower than HTTP; however, this delay is caused by the initial handshake process (when the client and server exchange encryption data) rather than the transfer of files.

This site http://stackoverflow.com/questions/149274/http-vs-https-performance recommends that you create the site then use a profiler tool to check the resource usage (first with HTTP, then HTTPS).

I run a very large web application that is entirely delivered using HTTPS.  I can't say I've really noticed any difference in resource usage, or speed, although I am sure there is some to a degree.

Does your entire app need to use HTTPS, or can you switch to HTTPS for particular elements such as login, account admin, payment?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1000 total points
ID: 34111030
Bandwidth, I am assuming you are talking network, is not really affected by SSL.

CPU, the big hit in CPU is (as Rouchie stated) the initial handshake.  The overhead of doing the actual encryption/decryption is not that much and depends on the size of the pages. So it depends on how many SSL connections you are going to be doing.  When you read about SSL transactions per second this is typically referring to SSL handshakes per second, not the number of "https" hits.

Memory usage will vary.  It depends on the size of the pages (actually the individual files that make up the pages) you are serving.  Since you need to hold the page in memory twice for a small time period memory utilization will increase.  However, since most files are small it should not matter that much.


Going down the path Rouchie started, only encrypt what you must.  In fact since the site will be sustained by advertisements, I would suggest that if possible the ads are served up by a server other than the app server and none of the ads should be encrypted.  Now if the page is encrypted this will cause the dreaded "mixed" content messages.
0
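
The measurement both answers point to, as an added example that is not part of the original thread: a Python script that times the TLS handshake separately from the HTTP transfer on a fresh connection, then shows how the handshake's share of each request shrinks as more requests reuse one connection. The names `time_https_request`, `summarize` and `SAMPLE_TIMINGS` are assumptions made for illustration, and the timings are client-side wall-clock figures, not server CPU, so run a profiler on the server alongside it.

```python
import socket
import ssl
import statistics
import sys
import time


def time_https_request(host, path="/", port=443):
    """Time one request on a fresh connection: (tcp_s, handshake_s, transfer_s)."""
    ctx = ssl.create_default_context()
    t0 = time.perf_counter()
    raw = socket.create_connection((host, port), timeout=10)
    t1 = time.perf_counter()
    # wrap_socket() performs the full TLS handshake before it returns.
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        t2 = time.perf_counter()
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        tls.sendall(request.encode("ascii"))
        while tls.recv(65536):  # drain the response until the server closes
            pass
        t3 = time.perf_counter()
    return (t1 - t0, t2 - t1, t3 - t2)


def summarize(samples, requests_per_connection=1):
    """Median handshake vs. transfer time, with one handshake amortized over
    the number of keep-alive requests served on the same connection."""
    handshake = statistics.median(s[1] for s in samples)
    transfer = statistics.median(s[2] for s in samples)
    per_request = handshake / requests_per_connection
    return {
        "handshake_ms": handshake * 1000,
        "transfer_ms": transfer * 1000,
        "handshake_share": per_request / (per_request + transfer),
    }


# Constructed timings in seconds, used when no host is given (not measurements).
SAMPLE_TIMINGS = [(0.010, 0.090, 0.010), (0.010, 0.090, 0.010), (0.020, 0.100, 0.020)]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        timings = [time_https_request(sys.argv[1]) for _ in range(5)]
    else:
        timings = SAMPLE_TIMINGS
    for n in (1, 10, 50):
        print(n, "requests/connection:", summarize(timings, n))
```

Pass a hostname as the first argument to measure a real server; with no argument the script summarizes the constructed timings.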
 

Author Closing Comment

by:Phil5780
ID: 34160502
SSL is unnecessary then for my site.  It just adds unnecessary security for data that's just not that important.
0
