HTTPS Performance Tuning

Bruce Morton

Following up on my last post, “SSL is not computationally expensive anymore,” I noticed Google is still using a 1024-bit RSA certificate for Gmail. I did some digging and confirmed that the performance hit of using a 2048-bit RSA key is about five times that of a 1024-bit key. So this could create a 5-10 percent load on CPU and network overhead versus 1-2 percent.

With the industry moving to minimum key sizes of 2048-bit RSA, your mileage may vary. In order to get the best performance over HTTPS, some performance tuning may be required. Here are some tips from the HTTPWatch blog:

  1. Use Keep-Alive sessions to reduce overhead by reusing TCP connections for multiple HTTP requests.
  2. Avoid mixed-content warnings by ensuring that everything on the page is accessed over HTTPS.
  3. Use persistent caching for static content to reduce load on the website and improve performance when a user revisits your site.
  4. Use an HTTPS-aware sniffer to help you optimize and debug your client-server applications.

Check out the HTTPWatch blog for the details on the above items.
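
One way to check tips 1 to 3 against a captured response, as an added example that is not from the original post or the HTTPWatch blog. The function names, finding labels and sample page are constructed for illustration, and the caching rule (a positive `max-age` and no `no-store`) is a simplifying assumption.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
# Plain <a href> links are navigation, not mixed content, so they are excluded.
FETCH_ATTRS = {("script", "src"), ("img", "src"), ("iframe", "src"),
               ("link", "href"), ("audio", "src"), ("video", "src")}


class MixedContentFinder(HTMLParser):
    """Collects subresources referenced with an explicit http:// URL."""

    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in FETCH_ATTRS and value and \
                    value.strip().lower().startswith("http://"):
                self.insecure.append((tag, value.strip()))


def audit_response(http_version, headers, body="", is_static=False):
    """Return findings for one response fetched over HTTPS (hypothetical helper)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # Tip 1: HTTP/1.1 is persistent unless the server says "close";
    # HTTP/1.0 is persistent only with an explicit "keep-alive".
    tokens = {t.strip().lower() for t in h.get("connection", "").split(",")}
    if "close" in tokens or (http_version == "1.0" and "keep-alive" not in tokens):
        findings.append("no-keep-alive")
    # Tip 3 (assumed rule): static content needs a positive max-age, no no-store.
    if is_static:
        cc = [d.strip().lower() for d in h.get("cache-control", "").split(",")]
        fresh = any(d.startswith("max-age=") and d[8:].isdigit()
                    and int(d[8:]) > 0 for d in cc)
        if "no-store" in cc or not fresh:
            findings.append("static-not-cacheable")
    # Tip 2: every subresource on an HTML page must be fetched over https://.
    if "text/html" in h.get("content-type", "").lower():
        finder = MixedContentFinder()
        finder.feed(body)
        findings += [f"mixed-content:{t}:{u}" for t, u in finder.insecure]
    return findings


# Constructed sample page: one insecure script, one protocol-relative image.
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=utf-8", "Connection": "close"}
SAMPLE_BODY = ('<link rel="stylesheet" href="https://example.test/site.css">'
               '<script src="http://cdn.example.test/lib.js"></script>'
               '<img src="//example.test/logo.png"><a href="http://example.test/a">a</a>')
```

Feed it the status line version, headers and body exported from whichever HTTPS-aware sniffer you use (tip 4); an empty list means none of the three checks fired.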

Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.

