[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467
  • Last Modified:

ssl for entire website

I heard at one point that it was a resource hog to force https over an entire website.  What is the lastest on this?  What are the potential downfalls of doing this?
0
LargeFarva
Asked:
LargeFarva
1 Solution
 
Dave HoweCommented:
That is literally true (although not an issue usually in practical terms). An SSL connection (without SSL acceleration) uses, on average, 3x the resources (cpu & memory mostly) as a plain HTTP connection.

However, that is usually a drop in the ocean compared to overheads due to other resources such as database or executable code (the cached dot-net assemblies for asp.net for example are huge, bloated resource hogs that dwarf connection space by an order of magnitude) unless you are running under such a load ratio that there is a queue of connections waiting for a worker thread.

I would suggest a policy of suck-it-and-see - if you turn it on, and load increases to an amount unacceptable for the load profile, then look at offloading the ssl to a frontend box.

Otherwise, just let it run, as sales of ssl acceleration for the real world are near-nonexistent these days (the warnings mostly come from an era of poor cpu resource, when handling 2048 bit RSA was a significant load) *except for* large hosting farms, where that CPU is a shared resource that can be more profitably sold to customers if dedicated SSL hardware is used to remove that load from the CPU.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now