Troubleshooting And Improving HTTPS/TLS Connection Performance
Our team has struggled with slow calls to the back-end, resulting in unpleasant, user-perceivable delays. While a direct (HTTP) call to a backend REST service took around 50ms, our median time was around 300ms (while using HTTPS and a proxy between us and the service).
We have just decreased that time to a median of 80ms by making sure to keep the connections alive and reuse them, which in Node.js can be achieved by using an https.Agent and setting its keepAlive: true (see the Node TLS documentation).
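To see the connection reuse described above, this added example (not code from the original post) counts how many TCP connections a local server receives for five sequential requests with and without keepAlive. It uses plain http so it runs without a certificate; https.Agent takes the same keepAlive option, and there each avoided connection is also an avoided TLS handshake. The function name countConnections and the local test server are assumptions made for the illustration.

```javascript
// Added example: count the TCP connections a local server sees for n
// sequential requests, depending on the client Agent's keepAlive setting.
async function countConnections(keepAlive, n) {
  // Dynamic import works from both CommonJS and ES module files.
  const http = await import('node:http');

  let connections = 0;
  const server = http.createServer((req, res) => res.end('ok'));
  server.on('connection', () => { connections += 1; });
  await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
  const { port } = server.address();

  // For HTTPS the equivalent is: new https.Agent({ keepAlive: true })
  const agent = new http.Agent({ keepAlive });

  const getOnce = () => new Promise((resolve, reject) => {
    http.get({ host: '127.0.0.1', port, path: '/', agent }, (res) => {
      res.resume(); // drain the body so the socket can be released
      // The Agent returns the socket to its pool just after 'end';
      // setImmediate makes sure that has happened before the next call.
      res.on('end', () => setImmediate(resolve));
    }).on('error', reject);
  });

  try {
    for (let i = 0; i < n; i += 1) await getOnce();
  } finally {
    agent.destroy(); // close idle kept-alive sockets
    await new Promise((resolve) => server.close(resolve));
  }
  return connections;
}

// Stand-alone demo: print the connection count for both settings.
countConnections(true, 5)
  .then((c) => console.log('keepAlive: true  ->', c, 'connection(s)'));
countConnections(false, 5)
  .then((c) => console.log('keepAlive: false ->', c, 'connection(s)'));
```

Pass the agent in the request options of every outbound call; an agent created per request has an empty pool and reuses nothing.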
PayPal has a couple of additional useful tips in their 4/2014 post Outbound SSL Performance in Node.js, mainly:
- Disable expensive SSL ciphers (if you don't need their strength)
- Enable SSL session resume, if supported by the server, for shorter handshakes - the StrongLoop post "How-to Improve Node.js HTTPS Server Performance" explains how to enable SSL session resume
- Keep Alive
The article SSL handshake latency and HTTPS optimizations (via Victor Danell) explains the roughly 3.5× higher cost of SSL due to the 3 round trips needed for the handshake (+ key generation time) and shows how to use curl to time connections and their SSL parts, as well as how to use OpenSSL and tcpdump to learn even more about it.
See also IsTlsFastYet.com for a lot of valuable information, benchmarks etc.
Tools
(See the articles linked to above for examples)
- curl
- openssl s_client
- pathchar by the traceroute author, intended to help to "find the bandwidth, delay, average queue and loss rate of every hop between any source & destination"; there is also pchar, based on it