#1
  1. Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Location
    London, UK
    Posts
    4,011
    Rep Power
    2795

    [Apache 2 & CentOS] Forcing SSL


    With the emergence of various SSL spoofs and hijacking techniques, I am considering the use of an SSL blanket across certain web sites that I maintain.

    Has anyone run, or know of, a reasonably comprehensive test for HTTP versus HTTPS speed trials? I would be very interested to see the results. I realise that loading via SSL is slower but by how much?

    Code:
    # Included for google searches on this thread.
    # The following .htaccess file will force the HTTPS protocol.
    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
    Last edited by Winters; March 5th, 2009 at 09:30 AM.
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,304
    Rep Power
    7175
    There are a significant number of factors that play a part in how much overhead changing the entire site to SSL will generate. It will impact your server's processor most, especially if you don't have dedicated encryption hardware in the server. If you have a lot of CPU cycles to spare go ahead and give it a try, if the server is already running under relatively high CPU load then I wouldn't recommend it.

    Basically, what will slow the site down noticeably is having connections needing to wait for the CPU to encrypt data for one connection before they can start encrypting data for their connection. Unless the server is a complete POS, the extra time needed to encrypt a single connection will be unnoticeable. My point in pointing this out is that enabling SSL won't guarantee a noticeable drop in performance.

    In terms of how much more CPU the connection actually takes, that is relative as well. Creating a new SSL connection takes more cycles than continuing an existing one, since creation of a new SSL connection requires employing an asymmetric cipher to transfer a symmetric cipher key between the client and the server, and asymmetric encryption is slow. Therefore, the lower the average session life of sessions on your server is, the more processor power it will require (assuming the number of hits per second remains constant).

    The raw performance numbers are so relative though that benchmarks run by other people are mostly meaningless.
  4. #3
  5. Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Location
    London, UK
    Posts
    4,011
    Rep Power
    2795
    Called it!
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]
  6. #4
  7. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,977
    Rep Power
    9647
  8. #5
  9. Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Location
    London, UK
    Posts
    4,011
    Rep Power
    2795
    Back in 2009, I was considering using an SSL blanket on some sites, and nowadays all sites do it.
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]
  10. #6
  11. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,977
    Rep Power
    9647
  12. #7
  13. Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Location
    London, UK
    Posts
    4,011
    Rep Power
    2795
    No comment ; )
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]

IMN logo majestic logo threadwatch logo seochat tools logo