Troubleshooting And Improving HTTPS/TLS Connection Performance

source link: https://blog.jakubholy.net/2015/11/27/troubleshooting-and-improving-httpstls-connection-performance/

November 27, 2015
Our team has struggled with slow calls to the back-end, resulting in unpleasant, user-perceivable delays. While a direct (HTTP) call to a backend REST service took around 50ms, our median time was around 300ms (while using HTTPS and a proxy between us and the service).

We have just decreased that time to a median of 80ms by keeping the connections alive and reusing them, which in Node.js is done by using an https.Agent with keepAlive: true (see the Node TLS documentation).
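To check that connections really are being reused, the following added example (not code from the original post) sends sequential requests through one keep-alive agent and compares the median latency of requests that opened a new connection with those that reused a pooled one. The function names and the maxSockets value are assumptions; sessionResumed reports whether a new connection got a shortened handshake via TLS session resume.

```javascript
const https = require('https');

// Keep idle sockets open so later requests skip the TCP and TLS handshakes.
function makeKeepAliveAgent() {
  return new https.Agent({ keepAlive: true, maxSockets: 10 }); // maxSockets: assumed value
}

// Time one GET; report whether a handshake was avoided (reused socket)
// or shortened (resumed TLS session on a new socket).
function timedGet(url, agent) {
  return new Promise((resolve, reject) => {
    const start = process.hrtime.bigint();
    const req = https.get(url, { agent }, (res) => {
      // Read this now: the socket is detached from res once it is pooled.
      const sessionResumed = res.socket.isSessionReused();
      res.resume(); // drain the body so the socket goes back to the pool
      res.on('end', () => resolve({
        reusedSocket: req.reusedSocket,
        sessionResumed,
        totalMs: Number(process.hrtime.bigint() - start) / 1e6,
      }));
    });
    req.on('error', reject);
  });
}

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Median latency of requests that opened a connection vs. reused one.
function summarize(samples) {
  const ms = (reused) =>
    samples.filter((s) => s.reusedSocket === reused).map((s) => s.totalMs);
  const fresh = ms(false), reused = ms(true);
  return {
    freshMedianMs: fresh.length ? median(fresh) : null,
    reusedMedianMs: reused.length ? median(reused) : null,
  };
}

// Issue `count` sequential requests through one agent and summarize them.
async function probe(url, count = 10) {
  const agent = makeKeepAliveAgent();
  const samples = [];
  for (let i = 0; i < count; i++) samples.push(await timedGet(url, agent));
  agent.destroy(); // close pooled sockets so the process can exit
  return summarize(samples);
}
```

Call probe() with the URL of your own back-end endpoint; if reusedMedianMs comes back null, every request opened a fresh connection and keep-alive is not taking effect somewhere between client, proxy and server.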

PayPal has a couple of additional useful tips in their 4/2014 post Outbound SSL Performance in Node.js, mainly:
  • Disable expensive SSL ciphers (if you don't need their strength)
  • Enable SSL session resume, if supported by the server, for shorter handshakes - the StrongLoop post "How-to Improve Node.js HTTPS Server Performance" explains how to enable SSL session resume
  • Keep Alive
The article SSL handshake latency and HTTPS optimizations (via Victor Danell) explains the roughly 3.5× higher cost of SSL, due to the 3 round trips needed for the handshake (plus key generation time), and shows how to use curl to time connections and their SSL parts, as well as how to use OpenSSL and tcpdump to learn even more about it.

See also IsTlsFastYet.com for a lot of valuable information, benchmarks etc.

Tools

(See the articles linked to above for examples)
  • openssl s_client
  • pathchar by the traceroute author, intended to help to "find the bandwidth, delay, average queue and loss rate of every hop between any source & destination"; there is also pchar, based on it
