HTTP 与 HTTPS 性能对比 [英] HTTP vs HTTPS performance

问题描述

http 和 https 在性能上有什么主要区别吗?我似乎记得读过 HTTPS 的速度是 HTTP 的五分之一.这对当前一代的网络服务器/浏览器有效吗?如果是这样，是否有任何白皮书支持它?

Are there any major differences in performance between http and https? I seem to recall reading that HTTPS can be a fifth as fast as HTTP. Is this valid with the current generation webservers/browsers? If so, are there any whitepapers to support it?

推荐答案

对此有一个非常简单的答案:分析您的 Web 服务器的性能，以了解针对您的特定情况的性能损失. 有几种工具可以比较 HTTP 与 HTTPS 服务器的性能(想到 JMeter 和 Visual Studio)，而且它们非常易于使用.

There's a very simple answer to this: Profile the performance of your web server to see what the performance penalty is for your particular situation. There are several tools out there to compare the performance of an HTTP vs HTTPS server (JMeter and Visual Studio come to mind) and they are quite easy to use.

如果没有关于您的网站、硬件、软件和网络配置的性质的一些信息，没有人可以给您一个有意义的答案.

No one can give you a meaningful answer without some information about the nature of your web site, hardware, software, and network configuration.

正如其他人所说，由于加密会产生一定程度的开销，但它高度依赖:

As others have said, there will be some level of overhead due to encryption, but it is highly dependent on:

• 硬件
• 服务器软件
• 动态与静态内容的比例
• 客户端到服务器的距离
• 典型的会话长度
• 等等(我个人最喜欢的)
• 缓存客户端的行为

根据我的经验，处理大量动态内容的服务器往往受 HTTPS 的影响较小，因为与内容生成时间相比，加密时间(SSL 开销)微不足道.

In my experience, servers that are heavy on dynamic content tend to be impacted less by HTTPS because the time spent encrypting (SSL-overhead) is insignificant compared to content generation time.

那些需要为相当少量的静态页面提供服务的服务器，这些页面可以很容易地缓存在内存中，因此开销要高得多(在一种情况下，内联网"上的吞吐量减半).

Servers that are heavy on serving a fairly small set of static pages that can easily be cached in memory suffer from a much higher overhead (in one case, throughput was havled on an "intranet").

其他几个人提出的一点是，SSL 握手是 HTTPS 的主要成本.这是正确的，这就是典型会话长度"和客户端的缓存行为"很重要的原因.

One point that has been brought up by several others is that SSL handshaking is the major cost of HTTPS. That is correct, which is why "typical session length" and "caching behavior of clients" are important.

许多非常短的会话意味着握手时间将压倒任何其他性能因素.更长的会话意味着在会话开始时会产生握手成本，但后续请求的开销会相对较低.

Many, very short sessions means that handshaking time will overwhelm any other performance factors. Longer sessions will mean the handshaking cost will be incurred at the start of the session, but subsequent requests will have relatively low overhead.

客户端缓存可以分几个步骤完成，从大型代理服务器到单个浏览器缓存.通常 HTTPS 内容不会缓存在共享缓存中(尽管一些代理服务器可以利用中间人类型的行为来实现这一点).许多浏览器缓存当前会话的 HTTPS 内容，并且经常跨会话缓存.不缓存或较少缓存的影响意味着客户端将更频繁地检索相同的内容.这导致为相同数量的用户提供更多请求和带宽.

Client caching can be done at several steps, anywhere from a large-scale proxy server down to the individual browser cache. Generally HTTPS content will not be cached in a shared cache (though a few proxy servers can exploit a man-in-the-middle type behavior to achieve this). Many browsers cache HTTPS content for the current session and often times across sessions. The impact the not-caching or less caching means clients will retrieve the same content more frequently. This results in more requests and bandwidth to service the same number of users.

这篇关于HTTP 与 HTTPS 性能对比的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！