Fast and Secured: Performance Impact of SSL

Our customers always ask what the impact of SSL on performance is. Everyone knows SSL uses more resources. The question is how much the impact is. The following section shows the difference with and without SSL.

Sample Application - The sample application used for these tests is the C# version of the IBuySpy Store Application, more specifically the "Search" user scenario. This scenario is made up of two GET requests and one POST request that executes the actual product search. Page size vary from 25-kb to 100-kb in size and a total of 4 stored procedures get executed by these page views.

Test Environment - Microsoft ACT was used to create the script and stress the system. The hardware specifications are a dual processor 1-Ghz Compaq DL360R IIS Server with 1-gb of RAM and a quad processor 1.6-Ghz Compaq DL580-G2 SQL Server with 4.0-gb of RAM. Both NIC's have been set to 100-mbit full duplex.

Test Result

Throughput (# of Transactions in 10-minutes)
Baseline: 1401 or 2.3-per second
SSL:      1317 or 2.2-per second
Delta:    5%
 
ASP.NET Execution Time
Baseline: < 500-mseconds
SSL: < 500-mseconds
Delta: N/A
 
IIS CPU Utilization
Baseline: 6%
SSL: 30%
Delta: 24%
 
IIS Memory Utilization
Baseline: 4-mb in 10-minutes
SSL: 19-mb in 10-minutes
Delta: 15-mb
 
IIS Server Disk Utilization (Bytes/second)
Baseline: 16,935
SSL: 19,937
Delta: ~3,000-bytes/sec
 
IIS Server Network Utilization (Bytes Total/Second
Baseline: < 500-mseconds
SSL: < 500-mseconds
Delta: N/A

The results above show CPU utilization, network utilization, and memory consumption increase with 128-bit SSL enabled. However, throughput and ASP.NET execution time is impacted very little with SSL enabled. Basically the user experience will not be unduly influenced by the overhead of SSL for this particular set of page views. You should do your own performance testing with your application. But you can use this set of numbers for design and planning.

Caching

Another major impact of applying SSL is to caching. SSL protects sensitive data. As a rule of thumb, caching should be turned off for sensitive data. The Knowledge Base article KB234067 discusses how to turn off caching. https://support.microsoft.com/kb/234067/en-us 

Further, some web pages are developed in HTTP and there are many objects within the web page such as jpg and js files. The developer relies on caching to make the web page fast. Yet, they forget when SSL is turned on for production, these files are not cached anymore and performance degrades as a result. The solution is to keep the web page simple to begin with.

Performance Technologist

Edmund Wong

Comments

  • Anonymous
    July 05, 2006
    Edmund Wong has posted here&amp;nbsp;about the performance implications of SSL and the hit you take on IIS...
  • Anonymous
    July 10, 2006
    I can guarantee that these results failed to take into account that the test client (where ACT was running) was resource starved at some point in the test.  ACT is such a poor tool, why even think it can be used for real testing.
  • Anonymous
    July 31, 2006
    Regarding ACT and resource starving, I believe the important part of this test is the delta (so precision over accuracy). Unless the use of ACT influences how SSL operations get handled, then it seems the results are valid.
  • Anonymous
    August 17, 2006
    What happens if you utilise kernel mode SSL? How much of a delta do you see WRT to IIS resource usage compared to plain HTTP?
    http://www.adopenstatic.com/faq/IISKernelSSL.aspx
  • Anonymous
    August 01, 2007
    My answer is "no" . I am working on solution where there is no Windows Active Directory Domain so we
  • Anonymous
    June 15, 2009
    PingBack from http://mydebtconsolidator.info/story.php?id=5365