[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467
  • Last Modified:

ssl for entire website

I heard at one point that it was a resource hog to force https over an entire website.  What is the lastest on this?  What are the potential downfalls of doing this?
1 Solution
Dave HoweCommented:
That is literally true (although not an issue usually in practical terms). An SSL connection (without SSL acceleration) uses, on average, 3x the resources (cpu & memory mostly) as a plain HTTP connection.

However, that is usually a drop in the ocean compared to overheads due to other resources such as database or executable code (the cached dot-net assemblies for asp.net for example are huge, bloated resource hogs that dwarf connection space by an order of magnitude) unless you are running under such a load ratio that there is a queue of connections waiting for a worker thread.

I would suggest a policy of suck-it-and-see - if you turn it on, and load increases to an amount unacceptable for the load profile, then look at offloading the ssl to a frontend box.

Otherwise, just let it run, as sales of ssl acceleration for the real world are near-nonexistent these days (the warnings mostly come from an era of poor cpu resource, when handling 2048 bit RSA was a significant load) *except for* large hosting farms, where that CPU is a shared resource that can be more profitably sold to customers if dedicated SSL hardware is used to remove that load from the CPU.

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now