HTTP, the protocol of the web, is unencrypted by default. The solution is to use an encrypted HTTPS connection, which is what gives you the padlock symbol; HTTPS is now required by Google to rank your site. The problem is that the SSL protocol imposes a heavy burden on a website. Installing and maintaining SSL keys on a web server is not easy, and SSL sessions add considerable CPU load to web servers and slow down web performance.
What Makes SSL Slow?
SSL adds extra traffic that weighs on your website’s performance. The primary source of the SSL performance hit comes from the initial setup of a new connection. Before any web page data can be exchanged, an SSL session must be “negotiated” between the client and the server. This negotiation takes 5 communications to establish that your website has SSL in place.
- Client sends request for the website to load.
- Server sends its public key
- Server sends its public key
- Server sends the cipher
- Data Exchanged
A screenshot of this website load illustrates the wait of 112 milliseconds for the load of our SSL certificate. This is OK; we have seen 300 ms up to 1020 ms on some sites.
How to make SSL fast
If you have multiple resources on your web page on different domains (think images, fonts, etc.), your visitors’ browsers will need to negotiate an SSL session for each domain. Because each SSL session requires at least 4 additional exchanges, the time starts to add up just to get your SSL certificates verified.
SSL certificates are issued by a certificate authority (CA). The CA attests that the website behind the certificate is who they say they are. Sometimes, after a certificate is issued, it is lost or compromised and needs to be revoked. CAs maintain a list of certificates that have been revoked, known as a Certificate Revocation List (CRL). Browsers, when they access an SSL-protected site, can download a CA’s CRL and parse the list to see if a particular site is on it. Alternatively, they can issue a request via the Online Certificate Status Protocol (OCSP) to check if a particular site has had its certificate revoked. To add insult to injury, most CAs don’t yet accept IPv6 requests.
This all takes time, and your website visitor ain’t going to wait around for your SSL to talk to your certificate authority (CA).
Speeding Up SSL
First, limit the number of connections that a browser needs to make to connect to your website. This reduces the number of session initiation handshakes that need be made. We can help you identify how much speed you can knock off your current site by just managing your SSL connections better.
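As an added example (not part of the original article), this Python sketch audits a page's HTML for the distinct HTTPS origins it loads from, since each origin needs at least one SSL session of its own, and lists any resources still fetched over plain HTTP. The sample page, its hostnames and the `audit` helper are constructed for illustration; the figure of 4 exchanges per session is the article's.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every hostname is a placeholder.
PAGE_URL = "https://www.example.com/index.html"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.example.net/css?family=Demo">
<script src="https://cdn.example.org/lib.js"></script>
<script src="https://cdn.example.org/app.js"></script>
<img src="img/logo.png">
<img src="https://images.example.org/banner.jpg">
<img src="http://legacy.example.com/pixel.gif">
<a href="https://other.example.com/">plain link, not fetched on load</a>
"""

# Tag/attribute pairs treated as subresource fetches (simplification: every <link href> counts).
FETCHING = {("script", "src"), ("img", "src"), ("link", "href"), ("iframe", "src")}

class ResourceCollector(HTMLParser):
    """Collects the absolute URL of the page and of each subresource it references."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = [page_url]

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in FETCHING and value:
                self.urls.append(urljoin(self.page_url, value))

def audit(page_url, html, exchanges_per_session=4):
    """Return (HTTPS origins -> resource count, plaintext URLs, minimum setup exchanges)."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    origins, plaintext = {}, []
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme == "https":
            key = f"{parts.hostname}:{parts.port or 443}"
            origins[key] = origins.get(key, 0) + 1
        elif parts.scheme == "http":
            plaintext.append(url)  # fetched without encryption
    # At least one session per origin; 4 exchanges each is the article's figure.
    return origins, plaintext, len(origins) * exchanges_per_session

if __name__ == "__main__":
    origins, plaintext, exchanges = audit(PAGE_URL, SAMPLE_HTML)
    print(origins, plaintext, exchanges, sep="\n")
```

Origins that serve a single resource are the first candidates for consolidation onto a domain the page already connects to.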
Next, getting a faster SSL certificate provider or optimising your CDN could help. You could also try simplifying your SSL setup: your certificates may be chained through a number of intermediate certificates, which leads to further delays.
And finally, new technologies are on the way to speed up SSL communication and verification. Contact us today and we can update you on the latest trends and technologies.