• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 449
  • Last Modified:

Formula to determine SSL processing overhead for web transactions?

Hi everyone,
Was wondering if any one had any thoughts on a formula which we could use to determine the overhead on a server to handle incoming SSL web connections.  Basically looking for a way to say with x number of ssl connections coming in, that causes y amount of overhead to process, which equals needing z resources on the server.  

Honestly not sure if there is a way to do this and guess would have to define certain things, like "what is a ssl transaction".  Is it the complete handshake or just the incoming hit, etc.

Curious to see if anyone has any thoughts...

1 Solution
Depends on the operating system.

On a unix box you can test with a self signed certificate and watch system resources with top as the connection is made and multiply by the number of desired connections. Barring this you can consult with your certificate vendor.
The overhead for SSL is very low compared to the benefits.
The 'heavy' CPU work happens on first contact.  Setting up the keys for the rest of the session involves pretty heavy asymmetrical encryption maths. But the good news is this only happens once at the start (well to be exact it will be repeated if your session lasts long enough - but that is not often)
The measure of this is not easy.  Every different system is different in how it deals with this. Some systems do it in software, some in hardware.
The best measure you could do would be to set up your system to return the same pages to http and https (with and without ssl) then to measure lots of pages.
Jmeter is a great tool for this.
Pull 100 pages from 10 users.  You'll find the first pages they pull are a bit slower but the other pages go just as quick as the non-ssl versions.
So the answer is.... Ssl will slow you down. But not much. A very rough 'guess' for a system which does all the ssl in software (like IIS) would be when you pull 10 pages the first one takes twists as much CPU as the non ssl version and the other 9 would use a little bit more so the CPU time for 10 ssl pages would be similar to 12 or 13 pages on the other non ssl site.
The advantage of security and safety make this worth while :)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now