There's a very simple answer to this: Profile the performance of your web server to see what the performance penalty is for your particular situation. There are several tools out there to compare the performance of an HTTP vs HTTPS server (JMeter and Visual Studio come to mind) and they are quite easy to use.

No one can give you a meaningful answer without some information about the nature of your web site, hardware, software, and network configuration.

As others have said, there will be some level of overhead due to encryption, but it is highly dependent on:

In my experience, servers that are heavy on dynamic content tend to be impacted less by HTTPS because the time spent encrypting (SSL-overhead) is insignificant compared to content generation time. Servers that are heavy on serving a fairly small set of static pages that can easily be cached in memory suffer from a much higher overhead (in one case, throughput was halved on an "intranet").

Edit: One point that has been brought up by several others is that SSL handshaking is the major cost of HTTPS. That is correct, which is why "typical session length" and "caching behavior of clients" are important.

Many very short sessions mean that handshaking time will overwhelm any other performance factors. Longer sessions will mean the handshaking cost will be incurred at the start of the session, but subsequent requests will have relatively low overhead.

Client caching can be done at several steps, anywhere from a large-scale proxy server down to the individual browser cache. Generally HTTPS content will not be cached in a shared cache (though a few proxy servers can exploit a man-in-the-middle type behavior to achieve this). Many browsers cache HTTPS content for the current session and oftentimes across sessions. The impact of not caching, or of less caching, is that clients will retrieve the same content more frequently. This results in more requests and bandwidth to service the same number of users.

The overhead is NOT due to the encryption. On a modern CPU, the encryption required by SSL is trivial. The overhead is due to the SSL handshakes, which are lengthy and drastically increase the number of round-trips required for an HTTPS session over an HTTP one.

Measure (using a tool such as Firebug) the page load times while the server is on the end of a simulated high-latency link. Tools exist to simulate a high-latency link - for Linux there is "netem". Compare HTTP with HTTPS on the same setup.

The latency can be mitigated to some extent by:

- Ensuring that your server is using HTTP keepalives - this allows the client to reuse SSL sessions, which avoids the need for another handshake.
- Reducing the number of requests to as few as possible - by combining resources where possible (e.g. .js include files, CSS) and encouraging client-side caching.
- by loading data not required into the page (perhaps in a hidden HTML element) and then showing it using client-script.

You can easily test the difference between HTTP and HTTPS performance in your own browser using the HTTP vs HTTPS Test website by AnthumChris: “This page measures its load time over unsecure HTTP and encrypted HTTPS connections.”
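One way to take the measurement described above from the command line, as an added example that is not part of the original page: curl's timers separate the TCP connect from the TLS handshake, so the handshake's share of the latency shows up directly. The interface name `eth0`, the example URLs and the constructed sample timings are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): split request latency into DNS,
# TCP connect, TLS handshake and everything after it, using curl's timers.
# Assumptions: curl and awk are installed; eth0 and the URLs are placeholders.
#
# Optional, on a Linux test box, simulate a high-latency link first (needs root):
#   tc qdisc add dev eth0 root netem delay 100ms
#   tc qdisc del dev eth0 root netem        # remove the delay afterwards

# One fresh connection per call, so every HTTPS probe pays a full handshake.
# Prints: namelookup connect appconnect total (seconds, cumulative from start).
# curl reports time_appconnect as 0 for plain HTTP (no TLS handshake happened).
probe() {
  curl -s -o /dev/null \
    -w '%{time_namelookup} %{time_connect} %{time_appconnect} %{time_total}\n' "$1"
}

# Reads probe lines on stdin; prints average milliseconds as:
#   dns tcp tls rest total
breakdown() {
  awk '{
    dns   += $1
    tcp   += $2 - $1
    tls   += ($3 > 0 ? $3 - $2 : 0)
    rest  += $4 - ($3 > 0 ? $3 : $2)
    total += $4
    n++
  } END {
    if (n == 0) exit 1
    printf "%.0f %.0f %.0f %.0f %.0f\n",
      dns/n*1000, tcp/n*1000, tls/n*1000, rest/n*1000, total/n*1000
  }'
}

# Constructed sample: two HTTPS probes over a ~100 ms RTT link, assuming a
# full TLS 1.2 handshake (two extra round trips after the TCP connect).
sample_https() { printf '0.001 0.101 0.303 0.405\n0.001 0.103 0.307 0.411\n'; }

# Usage: sh tls_cost.sh http://test.example/ https://test.example/
# With no arguments, only the constructed sample is analysed (runs offline).
[ "$#" -gt 0 ] || sample_https | breakdown
for url in "$@"; do
  printf '%s (dns tcp tls rest total, ms): ' "$url"
  for i in 1 2 3 4 5; do probe "$url"; done | breakdown
done
```

Running it against the same server with and without the netem delay shows the `tls` column growing with round-trip time while the `rest` column stays comparable between HTTP and HTTPS.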