Performance Analysis of TLS Web Servers

Cristian Coarfa
Peter Druschel
Dan S. Wallach
TLS is the protocol of choice for securing today's e-commerce and online transactions, but adding TLS to a web server imposes a significant overhead relative to an insecure web server on the same platform. We perform a comprehensive study of the performance costs of TLS. Our methodology is to profile TLS web servers with trace-driven workloads, replacing individual components inside TLS with no-ops, and measuring the observed increase in server throughput. We estimate the relative costs of each component within TLS, predicting the areas for which future optimizations would be worthwhile. Our results show that RSA accelerators are effective for e-commerce site workloads, because they experience low TLS session reuse. Accelerators appear to be less effective for sites where all the requests are handled by a TLS server, which thus have a higher session reuse rate; investing in a faster CPU might prove more effective.
Network and Distributed Systems Security Symposium '02, San Diego, California, February 2002.
PostScript (383 kbytes)
PDF (93 kbytes)

Dan Wallach, CS Department, Rice University
Last modified: Mon 10-Feb-2003 15:48