Http s://c onnectpro.puv.fi Https://connectpro.puv.fi 1/ 10.
Web performance across the HTTP to HTTPS transition
-
Upload
seanwalbran -
Category
Technology
-
view
1.229 -
download
5
description
Transcript of Web performance across the HTTP to HTTPS transition
Meeting people
http://commons.wikimedia.org/wiki/File:MNSF_Crowds.JPG
HTTP is for everybody
HTTPS is for relationships
http://commons.wikimedia.org/wiki/File:RoyalBicycleBuiltForTwoBastilleDay2008.jpg
HTTPS is for sharing secrets
Performance at the transition is crucial
Slow by default
It’s complicated
• Network
• Encryption overhead
• CDN
• Browser cache
• Prefetching & security
• …and more
Network
• All new sockets
• Additional RTT each
Connect ahead
Keep alive
Encryption overhead
Server side: -75% cpu by offloading*
Client side: ~2x cpu vs. HTTP
Mobile / Netbook impact
=> Reduce
Offload
Prefetch
* admittedly, a years-old metric
CDN
HTTPS == LRUzer
CDN
Not all PoPs are created equal
10ms to their HTTP-only corporate domain
30ms to our HTTPS-enabled domain
Use separate domains for HTTP & HTTPS
Prefetch
Browser cache
http://www.flickr.com/photos/43426549@N00/1812312679/
Browser cache
Suddenly empty!
Trust: only HTTPS content on HTTPS pages
Browser: HTTPS url’s are different
Schemeless URL’s don’t help
<a href=“//example.com/image.png”>
Browser cache: Firefox
HTTPS content is cached
only in memory
by default
Set Cache-Control: public
https://bugzilla.mozilla.org/show_bug.cgi?id=531801
Browser cache: IE
“WinINET will not reuse a previously-cached resource delivered over HTTPS until at least one secure connection to the target host has been established by the current process.”
Connect ahead, prefetch
http://blogs.msdn.com/b/ieinternals/archive/2010/04/21/internet-explorer-may-bypass-cache-for-cross-domain-https-content.aspx
Prefetch to the rescue
HTTPS prefetch quirks
Firefox + jquery, in HTTP context $.ajax( https script url ) => 0 byte cache entry => key: anon&uri=https://… new Image().src = https script url => 0 byte cache entry => 206/partial content next fetch
Summary
• HTTPS transition matters – it’s the first date
• Slow by default
• Reasons are many
Prefetch, but verify it’s working
Tune for CDN and browser cache quirks
Minimize socket creation