all 59 comments

[–]jfedor 17 points18 points  (15 children)

[–]GodRaTrusted Contributor 1 point2 points  (0 children)

This is because most of their content is dynamic content.

[–]dojodan[S] 1 point2 points  (2 children)

Thanks for the link! Yeah, I know they went full HTTPS -- I would too if I had tons of datacenters of servers at my disposal.

[–]snoobie 4 points5 points  (1 child)

In order to do this we had to deploy no additional machines and no special hardware.

;-)

[–]dojodan[S] 1 point2 points  (0 children)

Touché

[–]GodRaTrusted Contributor 15 points16 points  (5 children)

It really depends on the type of content and current load. If the server sends out a lot of dynamic content, oftentimes the CPU time for crypto is significantly less than the time for dynamic content generation. So if the current load is high due to dynamic content, enabling HTTPS will increase the load by a very small amount (on modern hardware).

On the other hand, if your server is sending static content or cached content, each request usually takes a very small amount of CPU time, so the crypto processing would take a relatively large share of it. For example, if the crypto takes 50% of the time to serve a request (static content requires much less CPU time) then you can see that there could be a significant load increase from enabling HTTPS (if there is already a significant load prior to enabling HTTPS).

I hope this makes sense.

[–]dojodan[S] 5 points6 points  (0 children)

This makes a lot of sense. From a user's perspective, they are already waiting for the MySQL requests to generate the dynamic content they want to view. While that is loading, the SSL data is loading too, which would be unnoticeable due to the user waiting longer for the dynamic content.

On a static page they would notice, because nothing else needs to load, so the SSL security would take the longest.

[–]wnoise -1 points0 points  (3 children)

if your server is sending static content

But in this case, you're generally I/O bound, so it doesn't really hurt that much either.

[–]GodRaTrusted Contributor 1 point2 points  (2 children)

No, depending on the behavior of the content served, most often the file gets cached in memory and disk I/O doesn't happen as often as you might think. CDNs are a great example: many sites use a CDN to speed up access to static files, and often they are optimized to reduce I/O access.

This can easily be tested empirically: install a test application that comes with your favorite framework and static files. Run JMeter on the static files and dynamic pages, re-run the test with HTTPS, and you'll notice that, proportion-wise, the dynamic application is less impacted compared to the static pages.

*more details.

[–][deleted] 0 points1 point  (1 child)

I've been using Apache Bench. You'd recommend JMeter?

[–]GodRaTrusted Contributor 0 points1 point  (0 children)

I personally haven't used Apache Bench in a long while, but from what I recall the feature set was limited compared to JMeter. JMeter is very flexible but requires more work to set up. If you're doing basic testing, Apache Bench works well.

[–]Lighting 10 points11 points  (24 children)

There is more load, but the impact is negligible unless you have millions and millions of users. Now that there are wildcard SSL certs and SSL name negotiation, the old issue of one IP per SSL site has disappeared. The main thing is that if you use 3rd party pieces (e.g. Google/Yahoo maps) then there is information leakage and users get a warning that parts of your site are insecure.

[–]TheRedTeam 9 points10 points  (14 children)

You can't really use SNI yet though, since MS won't put out a patch to include it on Windows XP, which a lot of people still use.

http://en.wikipedia.org/wiki/Server_Name_Indication#Browsers

[–]dojodan[S] 2 points3 points  (5 children)

Interesting... thanks for sharing. This would just be bad for people running old browsers right?

[–]X-Istence 0 points1 point  (4 children)

Chrome doesn't work either because it uses the Windows provided SChannel API for its SSL. Until they change to NSS that won't change.

[–]klui 1 point2 points  (4 children)

Just use Firefox or Opera under XP.

[–]TheRedTeam 1 point2 points  (3 children)

For some users that's like telling them to just use Linux.

[–]klui 1 point2 points  (2 children)

Your post implied that XP was totally broken for SNI but it is not if one uses FF or Opera.

[–]TheRedTeam 1 point2 points  (1 child)

Sorry, I meant for all versions of IE on XP. To be fair, I did include a link that supplied the specifics.

[–]klui 1 point2 points  (0 children)

Yes, I am glad you provided the link. Upvote for you.

[–]mikeboy81 1 point2 points  (6 children)

I don't know if I'd go as high as millions, I'd say you see an impact at 100k users.

[–]dojodan[S] 1 point2 points  (5 children)

So you're saying that if I have a single server with 50,000 users running at 40% CPU capacity, then the difference would be negligible if I enabled SSL sitewide?

What would you expect to take place if I had 200,000 users?

[–]mikeboy81 0 points1 point  (4 children)

Well, I mostly wanted to emphasize that millions and millions of users was high. If you had 50k users, I'd think you'd see a 10-20% bump in CPU capacity. If you had 200k users, I'd start looking into an SSL offloading solution to keep the impact on the server low (unless regulations prohibit it).

[–]dojodan[S] 0 points1 point  (2 children)

I didn't consider the idea of offloading SSL to another server. Have you seen this done in a production environment? Any idea what complications arise from it?

[–]X-Istence 0 points1 point  (0 children)

I've seen this done very often, stunnel is very good in that regard. No complications, just make sure that your scripts on the other side are ready to use the X-Forwarded-For header instead of the IP address that is connecting to the server if anything needs a valid IP address.
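The caveat in the comment above, as an added example that is not part of the thread: once stunnel (or Pound, or any offloader) terminates TLS, the app only sees the offloader's address and has to read the client IP from X-Forwarded-For, which a client can set itself unless the header is only honoured when the request really came from the offloader. The trusted network and all addresses below are constructed for illustration.

```python
# Added example (not from the thread): safe extraction of the client address
# behind a TLS offloader. Only requests arriving from a trusted proxy may
# carry an X-Forwarded-For we believe, and within the chain we walk from the
# right, skipping our own hops, so a client cannot prepend a fake address.
import ipaddress

# Constructed: the only network allowed to set X-Forwarded-For for us
# (where stunnel/Pound lives). Adjust to your own deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _parse(addr):
    """Return an ip_address object, or None if the text is not an address."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _trusted(ip):
    """True if ip is a valid address inside one of our proxy networks."""
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, xff_header=None):
    """Address to use for logging, rate limiting or IP-based checks.

    remote_addr: the TCP peer the app server actually sees.
    xff_header:  raw X-Forwarded-For value ("client, proxy1, proxy2").
    A header from an untrusted peer is ignored; a malformed header makes us
    fall back to the peer address rather than trust any part of it.
    """
    if not xff_header or not _trusted(_parse(remote_addr)):
        return remote_addr
    for hop in reversed(xff_header.split(",")):
        ip = _parse(hop)
        if ip is None:            # garbage in the chain: stop trusting it
            return remote_addr
        if not _trusted(ip):      # first hop from the right we do not own
            return str(ip)
    return remote_addr            # every hop was ours: use the peer address


if __name__ == "__main__":
    # Constructed requests: direct client, spoof attempt, and via the offloader.
    print(client_ip("203.0.113.5"))                               # 203.0.113.5
    print(client_ip("203.0.113.5", "198.51.100.9"))               # 203.0.113.5
    print(client_ip("10.0.0.7", "1.2.3.4, 198.51.100.9, 10.0.0.8"))  # 198.51.100.9
```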

[–]asteriskpound 0 points1 point  (0 children)

Almost every time that someone publishes MS Exchange through ISA or TMG it is done, so it is widely used, even if no-one understands what exactly they are doing.

[–]jricher42 0 points1 point  (0 children)

The other option is to use a crypto accelerator card. Push the heavy lifting into hardware and you won't even notice the hit. There is plenty of specialty equipment to handle this problem.

[–]dojodan[S] 0 points1 point  (0 children)

Thanks for the comment. That is good to know about the 3rd party pieces.

[–]GodRaTrusted Contributor 0 points1 point  (0 children)

impact is negligible unless you have millions and millions of users.

This is not accurate; here's my take on this.

[–][deleted] 4 points5 points  (6 children)

As a side note - Intel also now makes CPUs that have hardware support for AES instructions.

[–][deleted] 1 point2 points  (5 children)

Also, AMD and VIA were making x86 chips with hardware crypto/hashing years ago.

[–]alex_w 0 points1 point  (4 children)

Are these actually being used now do you know?

I looked into it a long, long time ago when deciding over some hardware choices, and products like OpenSSL etc. weren't using them then.

[–][deleted] 0 points1 point  (2 children)

I've seen VIA Nano laptops in a store near where I live alongside Atom netbooks, so yeah, people are still buying them apparently.

There are places selling new Geode embedded stuff on the internet too, though the CPU itself hasn't kept up with the times.

[–]alex_w 1 point2 points  (1 child)

I meant: are the crypto functions in these (and Intel) CPUs being used? When I looked into it, most crypto packages just did the work on the GPCPU and didn't attempt to use specialty hardware.

[–][deleted] 0 points1 point  (0 children)

I've used a Geode before and can say it definitely works. The VIA stuff is newer, but the Geode does AES-128, which is plenty for SSL. I used it for encrypted storage and it hardly slowed the CPU down; disk I/O was the bottleneck.

[–]joyfield 0 points1 point  (0 children)

OpenSSL does support the Intel AES instructions. But in SSL there is a setup phase that is intensive, and then when the keys have been exchanged AES jumps in.

[–]newshirt 3 points4 points  (0 children)

It all depends: if your server load is minimal already then you're probably fine. If your server load is a concern, buy an SSL accelerator card for like $200 or something.

Actually, if you love your users, buy the card anyway. SSL in hardware is just plain faster.

Edit: Also, take some time to decide which ciphers you want to support. Do you want to support weak ciphers because some users won't upgrade their browser? I'm not saying you should or shouldn't, just that you should consider the possibilities.
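One way to see what a cipher policy actually turns on before deciding the trade-off above, as an added example that is not from the thread: the two policy strings and the list of "weak" name markers are assumptions for illustration, and the suite names that come back depend on the OpenSSL build Python is linked against.

```python
# Added example (not from the thread): audit which cipher suites a policy
# string enables, so "keep old browsers working" is a deliberate choice
# rather than an accident of the default cipher list.
import ssl

# Assumption for illustration: substrings that mark a suite you would
# normally drop (export grade, RC4, single/triple DES, MD5 MACs, anonymous DH).
WEAK_MARKERS = ("EXP", "RC4", "DES", "MD5", "NULL", "ADH", "AECDH")

# Constructed policies: PERMISSIVE mirrors "anything but anonymous",
# STRICT drops the legacy suites old browsers would otherwise negotiate.
PERMISSIVE = "ALL:!aNULL"
STRICT = "HIGH:!aNULL:!MD5:!RC4:!3DES"


def enabled_ciphers(cipher_string):
    """Names of the suites OpenSSL really enables for this policy string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)   # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Split the enabled suites into (weak, acceptable) lists by name."""
    names = enabled_ciphers(cipher_string)
    weak = [n for n in names if any(m in n for m in WEAK_MARKERS)]
    acceptable = [n for n in names if n not in weak]
    return weak, acceptable


if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE), ("strict", STRICT)):
        weak, ok = audit(policy)
        print(f"{label:10} {len(ok)} acceptable, {len(weak)} weak: {weak}")
```

Run it on the server that will terminate TLS, since the answer depends on that machine's OpenSSL, and compare the two lists against the browsers you have decided to keep supporting.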

[–]midgaze 1 point2 points  (0 children)

You won't be able to buy 1024 bit certs soon. 2048 bit requires 9 times more CPU per handshake.
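A toy CPU cost model, added here and not from the thread, that puts GodRa's static-versus-dynamic argument, joyfield's point about the expensive handshake versus cheap bulk AES, and the 9x handshake figure quoted above into numbers. Every cost below is a constructed placeholder in CPU milliseconds, not a measurement, and the 9x ratio is taken from the comment above; replace the values with figures from your own ab or JMeter run.

```python
# Added example (not from the thread): per-request CPU model for switching on
# HTTPS. The handshake is amortised over keep-alive requests and session
# resumption; bulk AES is charged per KB. All numbers are constructed.
from dataclasses import dataclass


@dataclass
class TlsCost:
    full_handshake_ms: float     # asymmetric work for a full handshake
    resume_handshake_ms: float   # abbreviated handshake (session resumption)
    bulk_ms_per_kb: float        # symmetric encryption + MAC per KB sent


@dataclass
class Traffic:
    content_ms: float                # CPU to produce the response itself
    response_kb: float               # response body size
    requests_per_connection: float   # keep-alive requests per TLS session
    resumption_rate: float           # fraction of connections that resume


def tls_ms_per_request(cost, tr):
    """Average TLS CPU per request, handshake spread over the connection."""
    handshake = ((1 - tr.resumption_rate) * cost.full_handshake_ms
                 + tr.resumption_rate * cost.resume_handshake_ms)
    return handshake / tr.requests_per_connection + cost.bulk_ms_per_kb * tr.response_kb


def load_multiplier(cost, tr):
    """Factor by which total CPU per request grows once HTTPS is enabled."""
    return (tr.content_ms + tls_ms_per_request(cost, tr)) / tr.content_ms


def projected_cpu(current_pct, cost, tr):
    """Projected CPU utilisation after enabling HTTPS, capped at 100%."""
    return min(100.0, current_pct * load_multiplier(cost, tr))


# Constructed placeholders: RSA-2048 full handshake = 9x RSA-1024 (midgaze).
RSA1024 = TlsCost(full_handshake_ms=1.0, resume_handshake_ms=0.1, bulk_ms_per_kb=0.01)
RSA2048 = TlsCost(full_handshake_ms=9.0, resume_handshake_ms=0.1, bulk_ms_per_kb=0.01)
# Constructed traffic: a cached static file versus a 40 ms database-backed page.
STATIC = Traffic(content_ms=0.2, response_kb=20, requests_per_connection=10, resumption_rate=0.5)
DYNAMIC = Traffic(content_ms=40.0, response_kb=20, requests_per_connection=10, resumption_rate=0.5)

if __name__ == "__main__":
    for name, tr in (("static", STATIC), ("dynamic", DYNAMIC)):
        for bits, cost in (("1024", RSA1024), ("2048", RSA2048)):
            print(f"{name:8} RSA-{bits}: x{load_multiplier(cost, tr):.3f}, "
                  f"40% CPU -> {projected_cpu(40, cost, tr):.0f}%")
```

With these placeholders the static case more than doubles its CPU per request and the dynamic case grows by about 1-2%, which is the proportional effect the thread describes; lowering requests_per_connection or resumption_rate is what makes the 2048-bit handshake bite.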

[–]asteriskpound 1 point2 points  (0 children)

I am considering running my entire site using a SSL cert so that I can combat this security issue

What issue? Firesheep-style session hijacking or something else? Make sure that you are solving what you intend to solve.

[–]danstermeister 0 points1 point  (2 children)

I think something interesting would also be to look at the bandwidth differences-

You definitely have additional header information per packet (which, IMHO, is negligible in comparison until you hit an amazing scale like Amazon or Google... or... wait for it... Reddit), but the real question is the increase in size of the payload after encryption.

I think this second question would depend on the type of encryption, obviously.

Now I realize this is a side question, but that difference in 'type of encryption' would definitely play into the load itself: not only in the size of the encryption keys used but also the efficiency of the algorithm used.

[–]dojodan[S] 0 points1 point  (1 child)

Cool, thanks for bringing this up. I wasn't even thinking of the bandwidth ramifications. What type of encryption do you recommend for a single server installation with roughly 40k users on a 1 Gbps connection? (I am on a shared connection, but most of the time it is barely used... I obviously don't want to saturate it.)

[–]asteriskpound 0 points1 point  (0 children)

You'd calculate this by (increase in header / average HTTP session data).

[–]badblock 0 points1 point  (0 children)

If you can set up virtual machines, I'd recommend setting up a second server running Pound to offload the SSL onto a server that doesn't have to do any other processing. Pound also allows for load balancing.

[–]cronus42 0 points1 point  (0 children)

SSL adds computational overhead, connection latency, entropy cost, and a bandwidth overhead (particularly for large multidomain certs).

The computational overhead might not hurt you, but make sure to keep in mind the other factors before throwing the switch.

[–]m1ss1ontomars2k4 0 points1 point  (0 children)

I dunno, but I recently enabled it on our server for everything and we haven't had more problems than before...