0

I'm testing HttpHelloWorldServer from netty example, I do a little change is making CONTENT larger (25KB - match my reponse size in reality). And I see a huge different performent between HTTP and HTTPS version, HTTP give me about 110k req/s, HTTPS give me ~400 req/s. So what can make HTTPS such that slower?

Test condition: Netty 5 ALPHA2
JDK8-64 bit ubuntu 14.04
CPU Core i7 8 thread 2.2 GHz
RAM 8GB
Launch example without any special JVM parameter.
My benchmark use wrk with Keep-Alive enable.

secmask
  • 7,649
  • 5
  • 35
  • 52
  • 1
    possible duplicate of [HTTP vs HTTPS performance](http://stackoverflow.com/questions/149274/http-vs-https-performance) – B.K. Nov 24 '14 at 05:46
  • On each connection, HTTPS needs to revalidate the security keys and certificates (depending on how it's setup). As to whether that's enough to decrease the performance to that level would be another question – MadProgrammer Nov 24 '14 at 05:46
  • Yep, HTTPS has it overhead, but that's too much, another version implement in NodeJS, C++, the performent different is about 50%, which more acceptable. – secmask Nov 24 '14 at 05:49
  • @B.K. I've already check that answer but I don't think that match netty example here. – secmask Nov 24 '14 at 05:51
  • @MadProgrammer No it doesn't. Any sane HTTPS server uses session caching to some extent. – user207421 Nov 24 '14 at 05:52
  • The main reason for such a dramatic performance drop would be writing tiny chunks at a time. SSL can have a 45x data explosion if you give it one byte at a time. Make sure you're buffering as much as possible. I can't speak for what Netty does under the hood however. – user207421 Nov 24 '14 at 05:53
  • @secmask The reason I referred to that post is due to the fact that HTTPS encryption overhead is not the only thing that may affect your performance. There are a lot of considerations, along with the hardware, that may exponentially decrease the performance due to the overhead involved. – B.K. Nov 24 '14 at 05:54
  • @EJP Yes, SOME extent - would you expect to get this kind of performance lose, I wouldn't think so, but there is still an additional overhead imposed by using HTTPS over HTTP – MadProgrammer Nov 24 '14 at 05:54
  • @B.K. So you mean maybe JVM is not optmize for encryption operation? – secmask Nov 24 '14 at 05:57
  • You mention you have `Keep-Alive` "enabled". Are you sure you are re-using the same connections and using [pipelining](http://en.wikipedia.org/wiki/HTTP_pipelining) where possible? I wouldn't expect the symmetric encryption overhead to be that high, but if you are constantly setting up new ssl sessions then you may be in trouble. – Scott Mitchell Dec 10 '14 at 04:12
  • @ScottMitchell: please check my EDIT section – secmask Dec 10 '14 at 05:49

1 Answers1

0

With support from netty channel, It seem that the bad performance cause by default JDK ssl implementation, Netty has a switch to use Openssl http://netty.io/wiki/forked-tomcat-native.html#wiki-h2-1, then I got a much better result.

secmask
  • 7,649
  • 5
  • 35
  • 52