Formula to determine SSL processing overhead for web transactions?

Hi everyone,
Was wondering if any one had any thoughts on a formula which we could use to determine the overhead on a server to handle incoming SSL web connections.  Basically looking for a way to say with x number of ssl connections coming in, that causes y amount of overhead to process, which equals needing z resources on the server.  

Honestly not sure if there is a way to do this and guess would have to define certain things, like "what is a ssl transaction".  Is it the complete handshake or just the incoming hit, etc.

Curious to see if anyone has any thoughts...

Thanks.
frankrizzo1856Asked:
Who is Participating?
 
edster9999Connect With a Mentor Commented:
The overhead for SSL is very low compared to the benefits.
The 'heavy' CPU work happens on first contact.  Setting up the keys for the rest of the session involves pretty heavy asymmetrical encryption maths. But the good news is this only happens once at the start (well to be exact it will be repeated if your session lasts long enough - but that is not often)
The measure of this is not easy.  Every different system is different in how it deals with this. Some systems do it in software, some in hardware.
The best measure you could do would be to set up your system to return the same pages to http and https (with and without ssl) then to measure lots of pages.
Jmeter is a great tool for this.
Pull 100 pages from 10 users.  You'll find the first pages they pull are a bit slower but the other pages go just as quick as the non-ssl versions.
So the answer is.... Ssl will slow you down. But not much. A very rough 'guess' for a system which does all the ssl in software (like IIS) would be when you pull 10 pages the first one takes twists as much CPU as the non ssl version and the other 9 would use a little bit more so the CPU time for 10 ssl pages would be similar to 12 or 13 pages on the other non ssl site.
The advantage of security and safety make this worth while :)

0
 
lanboyoCommented:
Depends on the operating system.

On a unix box you can test with a self signed certificate and watch system resources with top as the connection is made and multiply by the number of desired connections. Barring this you can consult with your certificate vendor.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.