How to test HTTPS overhead compared to HTTP?

Hi,

We are in the process of launching our site. It is currently designed with several non-secure pages, and we are only securing the login page and some other pages.
Since we are using a load balancer to offload the SSL to the backend Apache servers, we are having some issues with which pages need to be in SSL and which do not; it's quite a mess that we don't really have the time to solve.

I suggested just doing the whole thing in HTTPS, but we really have to investigate the possible added overhead if we take this approach.
I've been reading around, and I know now that slowness in HTTPS is not a fact; it heavily depends on what you are trying to serve. Since our application is highly database-centric, one could argue that the SSL overhead would be negligible.

I'm trying to get some actual results from testing. What I've done first is set up JMeter to make a request to the same page in HTTP and HTTPS. The results were identical, other than a "warmup" first request that was slower in HTTPS.

I don't think my test is meaningful, because:
a. I just realized that the first request was slow because of the SSL handshake, and all the following requests did not have to do the handshake again.
[EDIT: I just found a way to resolve that. Unchecked "use keep-alive" in JMeter, so each request makes its own SSL handshake, as far as I can see in the sniff]
b. JMeter does not simulate the browser processing time for SSL.

Can anyone recommend another proper way of testing this?
Obviously I can do it one at a time with my browser... but I would like to get some proper statistics instead of one refresh at a time.

Thanks
shootbox Asked:

hankknight Commented:
Time them both like this:
START=$(date +%s);wget --directory-prefix=tmpdir -E -H -k -K -p http://wiki.apache.org/ >/dev/null 2>&1;echo "It took $(( $(date +%s) - $START )) seconds"; rm -rf tmpdir

 
hankknight Commented:
Do you have access to a Linux command line?
 
shootbox (Author) Commented:
Yes
 
shootbox (Author) Commented:
Thanks, but this also does not solve my second limitation - not taking into consideration the actual browser processing time for SSL. It seems that the download command is more or less like what I was doing with JMeter.
And.. really? Testing performance with only seconds resolution and not milliseconds?? :D
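
An added example, not part of the original thread: the handshake-per-request measurement discussed above, taken with curl's `-w` timing variables so the TCP connect, TLS handshake and total times come out in milliseconds. It assumes curl and awk are installed; the function names `sample` and `summarise` are hypothetical, and like JMeter and wget it does not include browser-side processing time.

```sh
#!/bin/sh
# Added example: per-phase request timings in milliseconds via curl -w.

# sample URL [N]: make N requests (default 20), one curl process each, and
# print "<time_connect> <time_appconnect> <time_total>" (seconds) per request.
# A new process means a new connection, so every HTTPS request pays a full
# TLS handshake, the same effect as unchecking "use keep-alive" in JMeter.
sample() {
    url=$1; n=${2:-20}; i=0
    while [ "$i" -lt "$n" ]; do
        curl -s -o /dev/null \
             -w '%{time_connect} %{time_appconnect} %{time_total}\n' "$url"
        i=$((i + 1))
    done
}

# summarise: read sample lines on stdin and print the mean TCP connect time,
# mean TLS handshake time (time_appconnect - time_connect) and mean total
# time, all in milliseconds.
summarise() {
    awk '{
            tcp += $1
            if ($2 > 0) tls += $2 - $1   # time_appconnect is 0 for plain HTTP
            total += $3
         }
         END {
            if (NR == 0) { print "no samples"; exit 1 }
            printf "n=%d tcp_ms=%.1f tls_ms=%.1f total_ms=%.1f\n",
                   NR, tcp / NR * 1000, tls / NR * 1000, total / NR * 1000
         }'
}

# Constructed sample lines (not measured): two HTTPS requests, fresh connections.
printf '%s\n' '0.010000 0.050000 0.120000' '0.012000 0.048000 0.118000' | summarise

# Real use, against your own HTTP and HTTPS endpoints:
#   sample http://your-site.example/page 50  | summarise
#   sample https://your-site.example/page 50 | summarise
```

Comparing `total_ms` between the two runs gives the end-to-end difference, while `tls_ms` isolates the part that keep-alive would amortise across requests.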
 
Scott Fell, EE MVE, Developer & EE Moderator Commented:
Do you have a large number of visitors/very heavy usage that this would be a cause for concern? SSL on every page seems to be common now. This thread (including the answers not chosen) is worth a read: http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28236294.html
Question has a verified solution.