SSL requires a 7-step handshake between the two systems in order to establish an SSL connection before any data can be passed. This handshake also requires multiple cryptographic operations including generation of a fairly small random number, as well as disk accesses of the digital certificate files for authentication. SSL session establishment takes a bit of time. To compensate for this, most SSL implementations will cache connections between two systems so that what appears to the application writer as a second session, runs over an existing SSL connection. Even so, there is some overhead in the encryption once the session has been established.
This doesn't mean you should avoid SSL, but you definitely can't expect it to be as fast as a plaintext connection. On Fri, 30 Aug 2002, jerome wrote: > would there be a difference between an http post compared to an https post in > terms of speed? >
