HTTPS vs HTTP Performance Benchmark: Apache Throughput Impact Analysis with Practical Code Examples


2 views

When switching from HTTP to HTTPS on Apache, performance impact primarily comes from three cryptographic operations:

1. TLS handshake (RSA/ECDHE key exchange)
2. Symmetric encryption (AES-GCM/ChaCha20)
3. Message authentication (HMAC)

Based on Apache Benchmark (ab) tests on AWS t2.medium instances:

HTTP (plaintext):
ab -n 10000 -c 100 http://example.com/abc.php
→ ~1,200 requests/second

HTTPS (TLS 1.3, ECDHE-RSA-AES256-GCM-SHA384):
ab -n 10000 -c 100 https://example.com/abc.php 
→ ~850 requests/second (29% decrease)

Add these directives to httpd-ssl.conf:

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCompression off
SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
SSLSessionCacheTimeout 300

Enable OpenSSL hardware support:

# Check available engines
openssl engine -t

# In Apache config
SSLEngine on
SSLCryptoDevice builtin

Variables affecting HTTPS performance:

- Certificate key size (2048-bit vs 4096-bit)
- Session resumption rate
- TCP/IP stack tuning (TFO, proper MTU)
- OCSP stapling configuration
- HTTP/2 multiplexing impact

Use mod_status with extended metrics:

<Location /server-status>
    SetHandler server-status
    Require host example.com
</Location>

ExtendedStatus On

When comparing HTTPS to HTTP on Apache servers, the performance difference primarily comes from the TLS/SSL handshake and encryption overhead. Based on various benchmarks, HTTPS typically adds:

  • 10-30% more CPU usage
  • 15-20% slower page load times
  • 20-40% reduction in requests per second

Using Apache Benchmark (ab) on a typical LAMP stack:

# HTTP benchmark
ab -n 10000 -c 100 http://example.com/abc.php

# HTTPS benchmark
ab -n 10000 -c 100 https://example.com/abc.php

Results might show HTTP handling ~1000 req/s while HTTPS drops to ~600-800 req/s on the same hardware.

To minimize the HTTPS performance impact:

# In Apache SSL configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

Implement session tickets to reduce handshake overhead:

# Enable session tickets
SSLSessionTickets on
SSLSessionTicketKeyFile /path/to/ticket.key

# Set session timeout (in seconds)
SSLSessionCacheTimeout 300

For high-traffic HTTPS sites:

  • Use CPUs with AES-NI instructions
  • Consider SSL accelerators or offloading
  • Allocate sufficient RAM for SSL session caching

Track SSL performance with:

# Check SSL handshake timing
openssl s_time -connect example.com:443 -www / -new

# Monitor SSL metrics in Apache
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>