
Does SSL Slow Down Servers?

     
4:05 am on Apr 26, 2017 (gmt 0)

Senior Member

joined:Jan 30, 2006
posts:1696
votes: 15



I would recommend all services be SSL, e.g. make your entire web site & all files SSL.


have you ever run a webserver that was right in front of you? any TCP/IP knowledge? here is a pretty picture for you

[i.stack.imgur.com...]

bye bye google friendly breakneck loading times.

more school

[dzone.com...]




The following messages were split from thread at: https://www.webmasterworld.com/webmaster_hardware/4841708.htm [webmasterworld.com] by not2easy - on Apr 28, 2017

[edited by: not2easy at 4:18 pm (utc) on Apr 28, 2017]
[edit reason] Cleanup [/edit]

8:14 am on Apr 26, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2097
votes: 370


If you're going to school someone, make sure you use up-to-date references. That's a 4-year-old article; a lot has changed since then. Have you read the book that is the source of that picture? If HTTPS is slowing you down, you're doing it wrong.

[istlsfastyet.com...]

It's going to get even better with TLS 1.3: [blog.cloudflare.com...]

5:24 pm on Apr 26, 2017 (gmt 0)

Senior Member

joined:Jan 30, 2006
posts:1696
votes: 15


TCP/IP hasn't changed, I could reference something from 15 years ago.

You've only saved 100ms, now let's bog your server down with 1000 handshakes. Sure if you have a low traffic server you won't notice anything.

AND TLS 1.3 is currently in DRAFT STATUS.

7:48 pm on Apr 26, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2097
votes: 370


Draft status or not, it's already going live, at Cloudflare for example, and it won't be long until OpenSSL 1.1.1 comes out with TLS v1.3 support (nginx added support for that yesterday).

SSL handshakes (for HTTPS) are unlikely to be a bottleneck for a web server, even more so now that we have HTTP/2 and various TLS optimizations. If you're looking at "1000 handshakes" (per second?) you're going to run into other bottlenecks first, like bandwidth, a database or disk i/o. Here's a quote from Google, pulled from the site linked above:
On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10 KB of memory per connection and less than 2% of network overhead. Many people believe that SSL/TLS takes a lot of CPU time and we hope the preceding numbers will help to dispel that.
- Adam Langley, Google

I see the benchmark you linked to is actually about adding SSL to MySQL, which is pointless if hosted locally or in a private network, and I think keyplyr was probably referring to adding SSL/TLS to all web (public-facing) services, HTTP in particular.

3:44 am on Apr 27, 2017 (gmt 0)

Senior Member

joined:Jan 30, 2006
posts:1696
votes: 15


it has VERY limited support right now. i think nginx makes the NUMBER 2 spot.. it's got a long way to go.
I'm all for encryption, let's just not trivialize it. it does have overhead, and if you get too ham-fisted it can bite your site.

Also don't jump on the disk i/o or bandwidth bottleneck wagon. SAS drives and enterprise PCIE SSD paired with DDR4 can put your processor squarely back into the spotlight as the thing slowing the system down. Bandwidth these days can match internal I/O speeds. we've come a long way, they aren't making 12 core processors for no reason.

8:17 am on Apr 28, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2097
votes: 370


If Google says that "SSL/TLS accounts for less than 1% of the CPU load", Twitter that "handshake operations do not dominate [their] CPU usage" and Facebook that "commodity CPUs are fast enough to handle heavy HTTPS traffic load", I doubt any of us mortals will find our servers bogged down by handshakes. It's certainly not been my experience, and I mostly run things on $5 virtual servers, which can handle ~500 handshakes per second on a single core. Sure, encryption has overhead, but even with 1M handshakes per day you're only looking at an average of 12 per second (or 2.4% of what the CPU can handle), which is peanuts really. And the overhead gets smaller each year.
 
