使用带有apache的TLS会有什么性能影响?

时间:2021-01-16 16:53:53

How much of a performance hit will running everything over TLS do to my server? I would assume this is completely ignorable in this day and age? I heard once that servers today could encrypt gigabytes of data per second, is that true? And if so, is it linearly scalable so that if top speed is 10GB/second, encrypting 1GB would take 0.1 second?

通过TLS运行的所有内容对我的服务器有多大影响?我认为在这个时代这完全可以忽略不计?我曾经听说过,今天的服务器每秒可以加密千兆字节的数据,这是真的吗?如果是这样,它是否可线性扩展,如果最高速度为10GB /秒,加密1GB需要0.1秒?

I'm not in some kind of pickle with any admin over this (yet). I'm just curious and if I can mostly ignore the hit, why not just encrypt everything?

对于任何管理员而言,我并没有采取任何形式的腌制(还)。我只是很好奇,如果我可以大多忽略命中,为什么不加密一切?

1 个解决方案

#1


3  

Performance Analysis of TLS Web Servers (pdf), a paper written at Rice University, covered this topic back in 2002, and they came to this conclusion:

TLS Web服务器的性能分析(pdf)是赖斯大学的一篇论文,它在2002年讨论了这个主题,他们得出了这样的结论:

Apache TLS without the AXL300 served between 149 hits/sec and 259 hits/sec for the CS trace, and between 147 hits/sec and 261 hits/sec for the Amazon trace. This confirms that TLS incurs a substantial cost and reduces the throughput by 70 to 89% relative to the insecure Apache.

没有AXL300的Apache TLS在CS跟踪中为149次点击/秒和259次点击/秒之间提供服务,在亚马逊跟踪时为147次点击/秒和261次点击/秒之间。这证实了相对于不安全的Apache,TLS会产生大量成本并将吞吐量降低70%到89%。

So without the AXL300 board, which offloads encryption, there was a reduction in throughput of 70-89% on a PIII-933MHz. However, they note in the next section that as CPU speeds increase, the throughput is expected to increase accordingly. So since 2002, you may find that there is no noticeable difference for your workload.

因此,如果没有卸载加密的AXL300板,PIII-933MHz的吞吐量会降低70-89%。但是,他们在下一节中指出,随着CPU速度的增加,吞吐量预计会相应增加。因此,自2002年以来,您可能会发现您的工作量没有明显差异。

#1


3  

Performance Analysis of TLS Web Servers (pdf), a paper written at Rice University, covered this topic back in 2002, and they came to this conclusion:

TLS Web服务器的性能分析(pdf)是赖斯大学的一篇论文,它在2002年讨论了这个主题,他们得出了这样的结论:

Apache TLS without the AXL300 served between 149 hits/sec and 259 hits/sec for the CS trace, and between 147 hits/sec and 261 hits/sec for the Amazon trace. This confirms that TLS incurs a substantial cost and reduces the throughput by 70 to 89% relative to the insecure Apache.

没有AXL300的Apache TLS在CS跟踪中为149次点击/秒和259次点击/秒之间提供服务,在亚马逊跟踪时为147次点击/秒和261次点击/秒之间。这证实了相对于不安全的Apache,TLS会产生大量成本并将吞吐量降低70%到89%。

So without the AXL300 board, which offloads encryption, there was a reduction in throughput of 70-89% on a PIII-933MHz. However, they note in the next section that as CPU speeds increase, the throughput is expected to increase accordingly. So since 2002, you may find that there is no noticeable difference for your workload.

因此,如果没有卸载加密的AXL300板,PIII-933MHz的吞吐量会降低70-89%。但是,他们在下一节中指出,随着CPU速度的增加,吞吐量预计会相应增加。因此,自2002年以来,您可能会发现您的工作量没有明显差异。