HTTPS performance

[gdinak]

Hello. This is a general topic, but I was hoping if you guys had any inputs. We have been contemplating using encrypted communication inside our private networks that runs behind a single secured endpoint. We were trying to analyze the performance impact of switching from HTTP to HTTPS and it looks like the throughput (requests/second) drops close to ~half of what it was when using HTTP.

The analysis was done using a simple client/server application.

Server: Standard D4s v3, 4 vCPUs, 16 GiB RAM, Windows 2012-R2 Datacenter
Uses a self-signed certificate. Returns a default OK response for any request.

Server setup:

       var config = new ConfigurationBuilder()
                .SetBasePath(Directory.GetCurrentDirectory())
                .AddJsonFile("appsettings.json")
                .Build();

       Host.CreateDefaultBuilder()
                .ConfigureWebHostDefaults(webHosBuilder =>
                 webHosBuilder.UseKestrel(options =>
                 {
                     options.Listen(IPAddress.Any, 5000, listenOptions =>
                     {
                         listenOptions.Protocols = httpVersion;
                     });

                     options.Listen(IPAddress.Any, 443, listenOptions =>
                     {
                         listenOptions.Protocols = httpVersion;
                         listenOptions.UseHttps(config["CertPath"]);
                     });
                 })
                 .UseStartup<Startup>()
                 .UseEnvironment(Environments.Production)).Build()
                 .Run();

Startup has a single configure method:

        public void Configure(IApplicationBuilder app)
        {
            app.Run(async (context) =>
            {
                await context.Response.WriteAsync("Good");
            });
        }

Client: Standard DS4 v2, 8 vCPUs, 28 GiB RAM, Windows 2012-R2 Datacenter
Uses dotnet HttpClient with many concurrent tasks that ensures server resources are saturated in both tests.

We just wanted to put this out there and see if anything looks off, and if there were any server specific options that could diminish this gap.

[Tratcher]

@sebastienros @halter73

[sebastienros]

This is expected, and known. We already track this metric, and here is our result on Windows with a Json payload:

Also your example is theorically a best case, since you are reusing connections. It might be worst in production if you have short lived connections, as the https handshake will be re-executed.

You might try to see if adding an ssl termination proxy like nginx would improve the performance, but it might not be the case depending on the actual load you get.

This kind of "issue" is hardly actionable, as you obviously can't get as fast as without https, and it's hard to say what is "acceptable". Also depending on the payload and the server-side code results will change.

Our current goal is to compare our https performance to other platforms so we understand if there are gaps we can work on.

[gdinak]

You are right. It can never get as fast as without https. We were definitely expecting some impact. And this was uniform across various payload sizes and type of REST calls.

Thanks for responding! We will see if nginx is applicable for us.