SSL 带来了多少开销? [英] How much overhead does SSL impose?

问题描述

我知道没有单一的硬性答案，但是对于 SSL 与未加密套接字通信的加密开销，是否有一个通用的数量级估计近似值?我只说通信处理和连线时间，不包括应用级处理.

I know there's no single hard-and-fast answer, but is there a generic order-of-magnitude estimate approximation for the encryption overhead of SSL versus unencrypted socket communication? I'm talking only about the comm processing and wire time, not counting application-level processing.

更新

有 关于 HTTPS 与 HTTP 的问题，但我有兴趣看低在堆栈中.

There is a question about HTTPS versus HTTP, but I'm interested in looking lower in the stack.

(我替换了短语数量级"以避免混淆；我将它用作非正式行话而不是正式的 CompSci 意义.当然，如果我有正式的意思，作为真正的极客，我会考虑二进制而不是十进制！;-)

(I replaced the phrase "order of magnitude" to avoid confusion; I was using it as informal jargon rather than in the formal CompSci sense. Of course if I had meant it formally, as a true geek I would have been thinking binary rather than decimal! ;-)

更新

根据评论中的每个请求，假设我们讨论的是持久连接上的大尺寸消息(范围为 1k-10k).因此，连接设置和数据包开销不是重要问题.

Per request in comment, assume we're talking about good-sized messages (range of 1k-10k) over persistent connections. So connection set-up and packet overhead are not significant issues.

推荐答案

数量级:零.

换句话说，当您添加 TLS 时，您不会看到吞吐量减半或类似的情况.对重复"问题的回答主要关注应用程序性能，以及与 SSL 开销的比较.此问题明确排除了应用程序处理，并试图将非 SSL 与仅 SSL 进行比较.虽然在优化时从全局角度看待性能是有道理的，但这不是这个问题所要问的.

In other words, you won't see your throughput cut in half, or anything like it, when you add TLS. Answers to the "duplicate" question focus heavily on application performance, and how that compares to SSL overhead. This question specifically excludes application processing, and seeks to compare non-SSL to SSL only. While it makes sense to take a global view of performance when optimizing, that is not what this question is asking.

SSL 的主要开销是握手.这就是昂贵的非对称加密发生的地方.协商后，使用相对有效的对称密码.这就是为您的 HTTPS 服务启用 SSL 会话非常有帮助的原因，其中建立了许多连接.对于长期连接，这种最终效果"并不那么重要，会话也没有那么有用.

The main overhead of SSL is the handshake. That's where the expensive asymmetric cryptography happens. After negotiation, relatively efficient symmetric ciphers are used. That's why it can be very helpful to enable SSL sessions for your HTTPS service, where many connections are made. For a long-lived connection, this "end-effect" isn't as significant, and sessions aren't as useful.

这是一个有趣的轶事.当 Google 将 Gmail 切换到使用HTTPS，不需要额外的资源；没有网络硬件，没有新主机.它只增加了大约 1% 的 CPU 负载.

Here's an interesting anecdote. When Google switched Gmail to use HTTPS, no additional resources were required; no network hardware, no new hosts. It only increased CPU load by about 1%.

这篇关于SSL 带来了多少开销?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！