Following up on my last post, “SSL is not computationally expensive anymore,” I noticed that Google is still using a 1024-bit RSA certificate for Gmail. I did some digging and confirmed that the performance hit of using a 2048-bit RSA key is about five times that of a 1024-bit key. So this could create a 5-10 percent load on CPU and network overhead, versus 1-2 percent.
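To make the "about five times" figure concrete, here is an added example (not code from the original post or from HTTPWatch) that generates 1024-bit and 2048-bit RSA keys with Python's standard library and times the operation an RSA-authenticated TLS handshake charges to the server: one private-key exponentiation per full handshake. It is textbook RSA on Python integers with no padding, and its Miller-Rabin parameters are chosen for illustration, not for a production key generator. The measured ratio on CPython usually comes out higher than the post's figure because CPython's big-integer multiplication is quadratic at these sizes while a TLS library's is heavily optimized; the shape of the scaling, and the gap between the cheap public operation and the expensive private one, is the point.

```python
"""Time RSA private-key operations at 1024 vs 2048 bits (standard library only).

Added example: textbook RSA on Python ints, keys generated with Miller-Rabin.
In an RSA-authenticated TLS handshake the server pays one private-key operation
per full handshake (decrypting the premaster secret or signing the key exchange);
the client only does the cheap public operation with e = 65537.
"""
import secrets
import time

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=24):
    """Trial division, then Miller-Rabin; 24 rounds is ample for random candidates."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # composite witnessed
    return True


def random_prime(bits):
    """Random prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits, e=65537):
    """Demo key generator (no protection against weak p/q choices)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p == q or phi % e == 0:                # e is prime, so this is gcd(e, phi) == 1
            continue
        n = p * q
        assert n.bit_length() == bits
        return {"n": n, "e": e, "d": pow(e, -1, phi), "p": p, "q": q}


def public_op(key, m):
    """Encrypt / verify: short exponent, cheap (this is the client's side)."""
    return pow(m, key["e"], key["n"])


def private_op(key, c):
    """Decrypt / sign: full-length exponent, the server's per-handshake cost."""
    return pow(c, key["d"], key["n"])


def private_op_crt(key, c):
    """Same result as private_op via CRT (two half-size exponentiations), as real libraries do."""
    p, q = key["p"], key["q"]
    mp = pow(c % p, key["d"] % (p - 1), p)
    mq = pow(c % q, key["d"] % (q - 1), q)
    h = (pow(q, -1, p) * (mp - mq)) % p
    return mq + h * q


def time_op(fn, iterations):
    start = time.perf_counter()
    for _ in range(iterations):
        fn()
    return (time.perf_counter() - start) / iterations


def benchmark(bits, iterations=10):
    """Seconds per operation for a fresh key of the given size."""
    key = generate_keypair(bits)
    m = secrets.randbelow(key["n"] - 2) + 2
    c = public_op(key, m)
    assert private_op(key, c) == m == private_op_crt(key, c)   # roundtrip sanity check
    return {
        "public": time_op(lambda: public_op(key, m), iterations),
        "private": time_op(lambda: private_op(key, c), iterations),
        "private_crt": time_op(lambda: private_op_crt(key, c), iterations),
    }


def private_cost_ratio(bits_small=1024, bits_large=2048, iterations=10):
    """Return (small_results, large_results, large_private / small_private)."""
    small, large = benchmark(bits_small, iterations), benchmark(bits_large, iterations)
    return small, large, large["private"] / small["private"]


if __name__ == "__main__":
    small, large, ratio = private_cost_ratio()
    for bits, r in ((1024, small), (2048, large)):
        print(f"RSA-{bits}: public {r['public'] * 1e3:.2f} ms, "
              f"private {r['private'] * 1e3:.2f} ms, private (CRT) {r['private_crt'] * 1e3:.2f} ms")
    print(f"2048-bit private op costs {ratio:.1f}x the 1024-bit one")
```

The CRT variant is included because it is what OpenSSL and friends actually run: it roughly quarters the private-key cost at either size, but the 2048-versus-1024 ratio stays the same, which is why moving to 2048-bit keys is felt mostly as handshake CPU on the server and hardly at all by clients.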
With the industry moving to a minimum key size of 2048-bit RSA, your mileage may vary. To get the best performance over HTTPS, some tuning may be required. Here are some tips from the HTTPWatch blog:
- Use HTTP keep-alive (persistent connections) so that one TCP connection, and therefore one TLS handshake, serves multiple HTTP requests; the handshake is where the RSA private-key cost is paid, so every connection you avoid opening is a handshake you avoid.
- Avoid mixed-content warnings by ensuring that every resource on the page is loaded over HTTPS.
- Use persistent caching for static content to reduce load on the website and improve performance when a user revisits your site. Note that some browsers only write HTTPS responses to the disk cache when the response explicitly allows it (for example with Cache-Control: public).
- Use an HTTPS-aware sniffer, one that sees the decrypted requests inside the browser rather than the TLS bytes on the wire, to help you optimize and debug your client-server applications.
Check out the HTTPWatch blog for the details on each of the above items.
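The keep-alive tip is easy to get wrong on the server side, so here is an added example (not from the original post or from HTTPWatch) that shows the effect directly. It runs a small loopback HTTP server from Python's standard library that counts the TCP connections it accepts, then fetches the same URL several times with one reused connection and again with a fresh connection per request. It uses plain HTTP so that it runs offline without a certificate; over HTTPS the same difference in accepted connections is the difference in TLS handshakes the server must perform. The server, URL and request count are constructed for the demo.

```python
"""Count server-side TCP connections for N requests with and without keep-alive.

Added example using only the standard library on 127.0.0.1. Over HTTPS each
accepted connection would also mean a TLS handshake (and an RSA private-key
operation) on the server, which is what keep-alive saves.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class CountingHandler(BaseHTTPRequestHandler):
    # HTTP/1.1 enables persistent connections. The BaseHTTPRequestHandler
    # default is HTTP/1.0, which closes the socket after every response and
    # silently defeats keep-alive no matter what the client asks for.
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))  # needed so the client knows where the body ends
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output quiet


class CountingServer(ThreadingHTTPServer):
    """Counts every accepted TCP connection (get_request wraps accept())."""

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.connections = 0
        self._lock = threading.Lock()

    def get_request(self):
        sock, addr = super().get_request()
        with self._lock:
            self.connections += 1
        return sock, addr


def run_server():
    server = CountingServer(("127.0.0.1", 0), CountingHandler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_with_reuse(host, port, n):
    """n requests over a single persistent connection."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    for _ in range(n):
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()  # the body must be fully drained before the socket can be reused
    conn.close()


def fetch_without_reuse(host, port, n):
    """n requests, each on a brand-new connection (what non-keep-alive clients do)."""
    for _ in range(n):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", "/", headers={"Connection": "close"})
        resp = conn.getresponse()
        resp.read()
        conn.close()


def compare_connections(n=5):
    """Return (connections with keep-alive, connections without) for n requests."""
    server = run_server()
    host, port = server.server_address
    try:
        fetch_with_reuse(host, port, n)
        reused = server.connections
        server.connections = 0
        fetch_without_reuse(host, port, n)
        fresh = server.connections
    finally:
        server.shutdown()
        server.server_close()
    return reused, fresh


if __name__ == "__main__":
    reused, fresh = compare_connections(5)
    print(f"5 requests with keep-alive: {reused} connection(s); without: {fresh} connection(s)")
```

Try deleting the `protocol_version` line: the client still reuses nothing, because the HTTP/1.0 server closes the socket after each response and the count goes back to one connection per request. That is the check to run against your own origin or load balancer before assuming keep-alive is saving you handshakes.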