DoneCal (my simple calendar and time sheet substitute web app) now has HTTPS support. It's not enabled yet as I'm ironing out some more testing. Basically, HTTPS is, at least at the moment, only going be available to premium users. Anyway, this is a performance story and about the difference in speed between HTTP and HTTPS.
I'll let these unscientific benchmarks speak for themselves.
donecal:~# ab -n 1000 -c 10 "http://donecal.com/api/events.json?guid=xxx&start=1292999600&end=1293294812" ... Document Length: 616 bytes Failed requests: 0 ... Requests per second: 1432.40 [#/sec] (mean) ... Transfer rate: 1184.81 [Kbytes/sec] received
.. Server Port: 443 SSL/TLS Protocol: TLSv1/SSLv3,DHE-RSA-AES256-SHA,2048,256 ... Document Length: 616 bytes Failed requests: 0 ... Requests per second: 84.73 [#/sec] (mean) ... Transfer rate: 70.08 [Kbytes/sec] received
That's quite a huge difference in requests per second. HTTPS 17 times slower than HTTP. Is this the reality of HTTPS? Or something wrong with my cert or something wrong with running HTTPS through ab?
Anyway, this pretty good me thinks anyway. The HTTP version is over 1,400 requests per second and this is a fully database, security and encoding involving application. This particular test data (616 bytes JSON) isn't big but it sure is bigger than some of the "'hello world'" benchmarks you see on the interweb.
See this new entry about enabling ssl_session_cache in Nginx