
2018/04/08

I Tried Always-On SSL, But...

Trying out always-on SSL


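Everyone seems to be switching their websites to always-on SSL these days to win the attention of the great Google. Sensitive data such as personal or payment information is one thing, but for a site like this one, which only publishes plain technical information, it is fair to say that encryption is almost meaningless.

If anything, the added encryption work costs the site a great deal of speed, and usability suffers for it. In other words, the drawbacks of always-on SSL overwhelmingly outweigh the benefits.

Who gains from always-on SSL? Perhaps the people who make servers, CPUs and other hardware, or the cloud service and rental server providers.

For enterprise use, always-on SSL may be tough without bringing in an ADC or load balancer from F5, A10 or the like. Auto scaling combined with AWS ELB is another approach, but either way there is no doubt that the cost of compute resources will rise sharply.

I am currently on a ConoHa VPS with Mem: 2GB, 3 x vCPU, but I may have to move up a tier or it will be tough...

I compared the response with and without SSL using a simple benchmark.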



[xxxx@y2web httpd]% ab -n 20000 -c 1 http://localhost/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)
Completed 2000 requests
Completed 4000 requests
Completed 6000 requests
Completed 8000 requests
Completed 10000 requests
Completed 12000 requests
Completed 14000 requests
Completed 16000 requests
Completed 18000 requests
Completed 20000 requests
Finished 20000 requests


Server Software:        Apache/2.4.6
Server Hostname:        localhost
Server Port:            80

Document Path:          /
Document Length:        5674 bytes

Concurrency Level:      1
Time taken for tests:   11.835 seconds
Complete requests:      20000
Failed requests:        0
Write errors:           0
Total transferred:      121180000 bytes
HTML transferred:       113480000 bytes
Requests per second:    1689.86 [#/sec] (mean)
Time per request:       0.592 [ms] (mean)
Time per request:       0.592 [ms] (mean, across all concurrent requests)
Transfer rate:          9998.87 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       1
Processing:     0    1   0.4      0      16
Waiting:        0    0   0.4      0      16
Total:          0    1   0.4      0      16
ERROR: The median and mean for the processing time are more than twice the standard
       deviation apart. These results are NOT reliable.
ERROR: The median and mean for the total time are more than twice the standard
       deviation apart. These results are NOT reliable.

Percentage of the requests served within a certain time (ms)
  50%      0
  66%      1
  75%      1
  80%      1
  90%      1
  95%      1
  98%      1
  99%      2
 100%     16 (longest request)


[xxxx@y2web httpd]% ab -n 20000 -c 1 https://localhost/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)
Completed 2000 requests
Completed 4000 requests
Completed 6000 requests
Completed 8000 requests
Completed 10000 requests
Completed 12000 requests
Completed 14000 requests
Completed 16000 requests
Completed 18000 requests
Completed 20000 requests
Finished 20000 requests


Server Software:        Apache/2.4.6
Server Hostname:        localhost
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256

Document Path:          /
Document Length:        5674 bytes

Concurrency Level:      1
Time taken for tests:   77.341 seconds
Complete requests:      20000
Failed requests:        0
Write errors:           0
Total transferred:      121180000 bytes
HTML transferred:       113480000 bytes
Requests per second:    258.60 [#/sec] (mean)
Time per request:       3.867 [ms] (mean)
Time per request:       3.867 [ms] (mean, across all concurrent requests)
Transfer rate:          1530.11 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        2    3   0.7      3      20
Processing:     0    1   0.7      1      23
Waiting:        0    1   0.7      1      23
Total:          3    4   1.1      4      29

Percentage of the requests served within a certain time (ms)
  50%      4
  66%      4
  75%      4
  80%      4
  90%      5
  95%      6
  98%      7
  99%      8
 100%     29 (longest request)
[xxxx@y2web httpd]% 

Simply enabling SSL drops performance to about 1/7. Should I keep always-on SSL as it is, or would it be better to revert... what to do?
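As an added example (not part of the original post), the Python below parses the key lines of the two ab runs above and splits the per-request slowdown by phase. ab was run without `-k`, so every request opens a new connection and each HTTPS request pays a full TLS handshake; `parse_ab` and `compare` are hypothetical helper names.

```python
import re

# Lines excerpted from the two ab runs on this page (Waiting rows omitted).
AB_HTTP = """\
Requests per second:    1689.86 [#/sec] (mean)
Time per request:       0.592 [ms] (mean)
Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       1
Processing:     0    1   0.4      0      16
Total:          0    1   0.4      0      16
"""
AB_HTTPS = """\
Requests per second:    258.60 [#/sec] (mean)
Time per request:       3.867 [ms] (mean)
Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        2    3   0.7      3      20
Processing:     0    1   0.7      1      23
Total:          3    4   1.1      4      29
"""

def parse_ab(text):
    """Extract throughput, mean latency and per-phase mean times from ab output."""
    out = {"phases": {}}
    m = re.search(r"^Requests per second:\s+([\d.]+)", text, re.M)
    out["rps"] = float(m.group(1))
    # ab prints two "Time per request" lines; the first is the per-request mean.
    m = re.search(r"^Time per request:\s+([\d.]+)", text, re.M)
    out["ms_per_req"] = float(m.group(1))
    # Phase rows: name, min, mean, sd, median, max (ab rounds means to whole ms).
    for name, mean in re.findall(r"^(Connect|Processing|Total):\s+\d+\s+(\d+)", text, re.M):
        out["phases"][name] = int(mean)
    return out

def compare(plain, tls):
    """Return slowdown factor, added ms per request, and added ms per phase."""
    p, t = parse_ab(plain), parse_ab(tls)
    return {
        "slowdown": round(p["rps"] / t["rps"], 2),
        "added_ms": round(t["ms_per_req"] - p["ms_per_req"], 3),
        "added_connect_ms": t["phases"]["Connect"] - p["phases"]["Connect"],
        "added_processing_ms": t["phases"]["Processing"] - p["phases"]["Processing"],
    }

if __name__ == "__main__":
    for key, value in compare(AB_HTTP, AB_HTTPS).items():
        print(f"{key}: {value}")
```

On the page's numbers, almost all of the added time per request falls in the Connect row, that is, in per-connection setup rather than in encrypting the 5674-byte response. ab rounds the phase means to whole milliseconds, so the split is approximate.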