Transport layer security: how much does it really cost?

Abstract

The last couple of years has seen a growing momentum towards using the Internet for conducting business. One of the key enablers for business applications is the ability to setup secure channels across the Internet. The Secure Sockets Layer (SSL) protocol provides this capability and it is the most widely used transport layer security protocol. In this paper we investigate the performance of SSL both from a latency as well as a throughput point of view. Since SSL is primarily used to secure Web transactions, we use the SPECWeb96 benchmark suitably modified for use with the SSL protocol. We benchmark two of the more popular Web servers that are in use today and find that they are a couple of orders of magnitude slower when it comes to serving secure Web pages. We investigate the reason for this deficiency by instrumenting the SSL protocol stack with a detailed profiling of the protocol processing components. Based on our findings we suggest two modifications to the protocol that reduce the latency as well as increase the throughput at the server.