Your SlideShare is downloading. ×
Web performance across the HTTP to HTTPS transition
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Web performance across the HTTP to HTTPS transition

1,210
views

Published on

Velocity 2010 Ignite talk - http://velocityconf.com/velocity2010/public/schedule/detail/15574

Velocity 2010 Ignite talk - http://velocityconf.com/velocity2010/public/schedule/detail/15574

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,210
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
27
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Web performance across the HTTP to HTTPS transition Sean Walbran swalbran@digitalriver.com
  • 2. Meeting peoplehttp://commons.wikimedia.org/wiki/File:MNSF_Crowds.JPG
  • 3. HTTP is for everybody
  • 4. HTTPS is for relationships http://commons.wikimedia.org/wiki/File:RoyalBicycleBuiltForTwoBastilleDay2008.jpg
  • 5. HTTPS is for sharing secrets
  • 6. Performance at the transition is crucial
  • 7. Slow by default
  • 8. It’s complicated• Network• Encryption overhead• CDN• Browser cache• Prefetching & security• …and more
  • 9. Network• All new sockets• Additional RTT each Connect ahead Keep alive
  • 10. Encryption overheadServer side: -75% cpu by offloading*Client side: ~2x cpu vs. HTTPMobile / Netbook impact=> Reduce Offload Prefetch * admittedly, a years-old metric
  • 11. CDNHTTPS == LRUzer
  • 12. CDNNot all PoPs are created equal 10ms to their HTTP-only corporate domain 30ms to our HTTPS-enabled domain Use separate domains for HTTP & HTTPS Prefetch
  • 13. Browser cachehttp://www.flickr.com/photos/43426549@N00/1812312679/
  • 14. Browser cache Suddenly empty!Trust: only HTTPS content on HTTPS pagesBrowser: HTTPS url’s are differentSchemeless URL’s don’t help <a href=“//example.com/image.png”>
  • 15. Browser cache: Firefox HTTPS content is cached only in memory by default Set Cache-Control: public https://bugzilla.mozilla.org/show_bug.cgi?id=531801
  • 16. Browser cache: IE“WinINET will not reuse a previously-cachedresource delivered over HTTPS until at leastone secure connection to the target host hasbeen established by the current process.” http://blogs.msdn.com/b/ieinternals/archive/2010/04/21/internet- explorer-may-bypass-cache-for-cross-domain-https-content.aspx Connect ahead, prefetch
  • 17. Prefetch to the rescue
  • 18. HTTPS prefetch quirksFirefox + jquery, in HTTP context$.ajax( https script url ) => 0 byte cache entry => key: anon&uri=https://…new Image().src = https script url => 0 byte cache entry => 206/partial content next fetch
  • 19. Summary• HTTPS transition matters – it’s the first date• Slow by default• Reasons are many Prefetch, but verify it’s working Tune for CDN and browser cache quirks Minimize socket creation