Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to test HTTPS overhead compared to HTTP?

Posted on 2013-12-05
6
Medium Priority
?
242 Views
Last Modified: 2014-11-12
Hi,

We are in the process of launching our site. it is currently designed with several non-secure pages, and we are only securing the login page and some other pages.
Since we are using a Load Balancer to offload the SSL to the backend Apache servers, we are having some issues with which pages need to be in SSL and which do not, it's quite a mess that we don't really have the time to solve.

I suggested just doing the whole thing in https, but we really have to investigate the possible added overhead if we take this approach.
I've been reading around, and I know now that slowness in https is not a fact, it heavily depends on what you are trying to serve. since our application is highly database centric, one could argue that the ssl overhead would be negligible.

I'm trying to get some actual results from testing, what I've done first is set up Jmeter to make a request to the same page in http and https. the results were identical, other than a "warmup" first request that was slower in https.

I don't think my test is meaningful, because:
a. I just realized that the first request was slow because of the SSL handshake, and all the following requests did not have to do the handshake again.
[EDIT: I just found a way to resolve that. unchecked "use keep-alive" in Jmeter, so each request makes its own SSL handshake, as far as I can see in the sniff]
b. Jmeter does not simulate the browser processing time for SSL.

Can anyone recommend another proper way of testing this?
obviously I can do it one at a time with my browser... but I would like to get some proper statistics instead of one refresh at a time

thanks
0
Comment
Question by:shootbox
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:hankknight
ID: 39698710
Do you have access to a Linux command line?
0
 

Author Comment

by:shootbox
ID: 39698725
Yes
0
 
LVL 16

Accepted Solution

by:
hankknight earned 1500 total points
ID: 39698771
Time them both like this:
START=$(date +%s);wget --directory-prefix=tmpdir -E -H -k -K -p http://wiki.apache.org/ >/dev/null 2>&1;echo "It took $(( $(date +%s) - $START )) seconds"; rm -rf tmpdir

Open in new window

0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:shootbox
ID: 39700217
Thanks, but does also does not solve my second limitation - not taking into consideration the actual browser processing time for SSL. it seems that downloading command is more or less like what I was doing with Jmeter.
and.. really? testing performance with only a seconds resolution and not miliseconds?? :D
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 39704478
Do you have a large amount of visitors/very heavy usage that this would be a cause for concern?  SSL on every page seems to be common now.    This thread (including the answers not chosen) is worth a read http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28236294.html
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question