Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Does HTTPS site run slow than HTTP? If yes, please explain reasons?

user-image
Question added by Muhammad Majid Saleem , Senior PHP Developer / Project Manager , SwaamTech
Date Posted: 2013/11/18
Hamzeh Abu Zakham
by Hamzeh Abu Zakham , Director of Software Development , bayt.com

Usually HTTPS will require additional effort both on client and server to establish the connection, and to do encryption / decryption of transmited/recieved data.

 

Moreover , HTTPS is not cachable, so resources and page HTML is going to be requested again on each call, HTTP caching header are meaningless to HTTPS request.

Atif Aqeel
by Atif Aqeel , Founder And Director , Xesense

Thier are some reson why HTTPS are slow then HTTP

 

HTTPS Never Caches

SSL Certificates Should Be Pass

Each HTTPS Site Needs its Own Public IP Address

 

 

Using HTTPS isn’t going to make your site faster (actually it can – see below) but the overhead is mostly avoidable by following the tips in our HTTPS Performance Tuning blog post.

The amount of CPU resource required to encrypt the data can be reduced by compressing textual content and is usuallynot a significant on servers with modern CPUs.

Extra TCP level round-trips are required to setup HTTPS connections and some additional bytes have to be sent and received. However, you can see in HttpWatch that this overhead is small once the HTTPS connection has been made:

The initial visit to an HTTPS site is somewhat slower than HTTP due to the longer connection times required to setup SSL. Here’s a time chart of the page load for an HTTP site recorded in HttpWatch:

And here’s the same site accessed over HTTPS:

The longer connection times caused the initial page load to be about10% slower. However, once the browser has active keep-alive HTTPS connections a subsequent refresh of the page shows very little difference between HTTP and HTTPS.

First, the page refresh with HTTP:

and then with HTTPS:

It’s possible that some users may even find that the HTTPS version of a web site is faster than HTTP. This can happen if they sit behind a coporate HTTP proxy that normal intercepts, examines and records web traffic. An HTTPS connection will often just be forwarded as a simple TCP connection through the proxy because HTTPS traffic cannot be intercepted. It’s this bypassing that can lead to improved performance.

UPDATE: A blog post by F5 challenges the claim the CPU overhead of SSL is no longer significant, but most of their arguments are refuted in this follow up.

 

Anything can go in Cookies and Query Strings with HTTPS

Zaid Rabab'a
by Zaid Rabab'a , Technical Team Lead , ESKADENIA Software

I supprot Hamzeh Abu Zakham & Atif Aqeel Answers

 

Https slower than Http :

 

HTTPS Never CachesSSL Certificates Should Be PassEach HTTPS Site Needs its Own Public IP Address

Deleted user
by Deleted user

What has been explained by Hamzeh is totally right, i'll give you more explanation about this from a TCP/IP perspective:

 To open a TCP/IP connection requires3 packets to be exchanged between the client and the server. The connection is then considered established, and the client can submit its request.

When SSL is added on top of the TCP/IP connection there are several additional interactions that have to happen before the connection is considered established.

Unless the latency is negligible between the client and the server (read, the same network), then it is likely that this additional latency, due to the additional round trips to exchange SSL handshaking data, not the CPU overhead of calculating the key material, is the major factor in the delay in establishing an SSL connection.

 

 

Fadi Alkhateeb
by Fadi Alkhateeb , Senior Front End Developer , NexTwo

Answers given by Specialists here are correct, mainly what make Https slower is the cost of security in passing certification and connection for page :

 

 

But it doesn't mean that you can't solve issue of slowness, from what i read in below article considering HTTPS diffrencense from HTTP as (MYTH) and explaining why and solutions for some cases:

 

Top7 Myths about HTTPS

Mohamad JAvad Khazali
by Mohamad JAvad Khazali , Information Security Expert , Saman Bank

Yes!

One layer(ssl) is add to http. this method have overhead than http for encrypted data.

Best Regards

hussam alqaza
by hussam alqaza , Senior Software Engineering , cloudview

Yes, sure in HTTPS connection it must do some encryption and decription for each request between the server side and client side  by RSA and  AES whith IV

 

 

 

Faisal Raza Faisal
by Faisal Raza Faisal , Web Design Project Manager , Kat systems

Due to security options enable

More Questions Like This