SSL施加了多少开销? [英] How much overhead does SSL impose?

问题描述

我知道没有一个简单而快速的答案，但是对于SSL加密开销与未加密套接字通信而言，是否存在通用的幅值估计近似值?我只在谈论通讯处理和连线时间，而不是在计算应用程序级别的处理.

I know there's no single hard-and-fast answer, but is there a generic order-of-magnitude estimate approximation for the encryption overhead of SSL versus unencrypted socket communication? I'm talking only about the comm processing and wire time, not counting application-level processing.

更新

有有关HTTPS与HTTP的问题，但我有兴趣寻找下一个在堆栈中.

There is a question about HTTPS versus HTTP, but I'm interested in looking lower in the stack.

(为了避免混淆，我替换了数量级"一词；我将其用作非正式术语而不是正式的CompSci.当然，如果我 had 的正式含义是，真正的极客，我会一直在考虑二进制而不是十进制！;-)

(I replaced the phrase "order of magnitude" to avoid confusion; I was using it as informal jargon rather than in the formal CompSci sense. Of course if I had meant it formally, as a true geek I would have been thinking binary rather than decimal! ;-)

更新

根据注释中的每个请求，假设我们正在谈论持久连接上的大小合适的消息(范围为1k-10k).因此，连接设置和数据包开销不是重要问题.

Per request in comment, assume we're talking about good-sized messages (range of 1k-10k) over persistent connections. So connection set-up and packet overhead are not significant issues.

推荐答案

数量级:零.

换句话说，添加TLS时，您不会看到吞吐量减少一半或类似的东西. 重复"问题的答案主要集中在应用程序性能以及与SSL开销相比的情况.该问题专门排除了应用程序处理，并试图将非SSL与SSL进行比较.尽管在优化时从全局角度考虑性能是有意义的，但这并不是这个问题所要问的.

In other words, you won't see your throughput cut in half, or anything like it, when you add TLS. Answers to the "duplicate" question focus heavily on application performance, and how that compares to SSL overhead. This question specifically excludes application processing, and seeks to compare non-SSL to SSL only. While it makes sense to take a global view of performance when optimizing, that is not what this question is asking.

SSL的主要开销是握手.那就是发生昂贵的非对称加密的地方.协商后，使用相对有效的对称密码.这就是为启用许多连接的HTTPS服务启用SSL会话非常有用的原因.对于长期存在的连接，这种最终效果"并不那么重要，会话也没有那么有用.

The main overhead of SSL is the handshake. That's where the expensive asymmetric cryptography happens. After negotiation, relatively efficient symmetric ciphers are used. That's why it can be very helpful to enable SSL sessions for your HTTPS service, where many connections are made. For a long-lived connection, this "end-effect" isn't as significant, and sessions aren't as useful.

这是一个有趣的轶事.当Google将Gmail切换为使用HTTPS，不需要其他资源；没有网络硬件，没有新主机.它只会使CPU负载增加大约1％.

Here's an interesting anecdote. When Google switched Gmail to use HTTPS, no additional resources were required; no network hardware, no new hosts. It only increased CPU load by about 1%.

这篇关于SSL施加了多少开销?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！