Fast and Secured: Performance Impact of SSL

Our customers always ask what the impact of SSL on performance is. Everyone knows SSL uses more resources. The question is how much the impact is. The following section shows the difference with and without SSL.

Sample Application - The sample application used for these tests is the C# version of the IBuySpy Store Application, more specifically the "Search" user scenario. This scenario is made up of two GET requests and one POST request that executes the actual product search. Page size vary from 25-kb to 100-kb in size and a total of 4 stored procedures get executed by these page views.

Test Environment - Microsoft ACT was used to create the script and stress the system. The hardware specifications are a dual processor 1-Ghz Compaq DL360R IIS Server with 1-gb of RAM and a quad processor 1.6-Ghz Compaq DL580-G2 SQL Server with 4.0-gb of RAM. Both NIC's have been set to 100-mbit full duplex.

Test Result

Throughput (# of Transactions in 10-minutes)
Baseline: 1401 or 2.3-per second
SSL:      1317 or 2.2-per second
Delta:    5%
ASP.NET Execution Time
Baseline: < 500-mseconds
SSL: < 500-mseconds
Delta: N/A
IIS CPU Utilization
Baseline: 6%
SSL: 30%
Delta: 24%
IIS Memory Utilization
Baseline: 4-mb in 10-minutes
SSL: 19-mb in 10-minutes
Delta: 15-mb
IIS Server Disk Utilization (Bytes/second)
Baseline: 16,935
SSL: 19,937
Delta: ~3,000-bytes/sec
IIS Server Network Utilization (Bytes Total/Second
Baseline: < 500-mseconds
SSL: < 500-mseconds
Delta: N/A

The results above show CPU utilization, network utilization, and memory consumption increase with 128-bit SSL enabled. However, throughput and ASP.NET execution time is impacted very little with SSL enabled. Basically the user experience will not be unduly influenced by the overhead of SSL for this particular set of page views. You should do your own performance testing with your application. But you can use this set of numbers for design and planning.


Another major impact of applying SSL is to caching. SSL protects sensitive data. As a rule of thumb, caching should be turned off for sensitive data. The Knowledge Base article KB234067 discusses how to turn off caching. 

Further, some web pages are developed in HTTP and there are many objects within the web page such as jpg and js files. The developer relies on caching to make the web page fast. Yet, they forget when SSL is turned on for production, these files are not cached anymore and performance degrades as a result. The solution is to keep the web page simple to begin with.

Performance Technologist

Edmund Wong