SSL is always going to be slower for a few reasons: 1. Cryptography takes time 2. SSL like must be negotiated for each connection, adding time and latency to the transaction.
You don't say how much of a slow down you're seeing. Or what your hardware is like. It is very possible all the slow down you're seeing is due to the CPU overhead needed for SSL plus the connection negotiation latency. j On Thursday 24 March 2011, Ben Hayden elucidated thus: > I recently added in a test SSL setup to my mod_wsgi application to > make sure it was all gravy, but to my surprise, my app significantly > slower when rendering dynamic HTML/CSS that is being generated and > returned from mod_wsgi. When accessing the application under http and > not https, its speed is not an issue at all. Here's my config: > > <VirtualHost *:80> > ServerAdmin [email protected] > ServerName example.com > ErrorLog /var/log/httpd/error_log > > DocumentRoot /srv/nfs/example/www > > Alias /htc/ /srv/nfs/example/www/htc/ > Alias /img/ /srv/nfs/example/www/img/ > Alias /js/ /srv/nfs/example/www/js/ > Alias /maintenance/ /srv/nfs/example/www/maintenance/ > Alias /pdf/ /srv/nfs/example/www/pdf/ > Alias /soap/ /srv/nfs/example/www/soap/ > Alias /swf/ /srv/nfs/example/www/swf/ > Alias /utils/ /srv/nfs/example/www/utils/ > > <Directory /srv/nfs/example/www> > Order deny,allow > Allow from all > > # Insert filter > SetOutputFilter DEFLATE > > # Netscape 4.x has some problems... > BrowserMatch ^Mozilla/4 gzip-only-text/html > > # Netscape 4.06-4.08 have some more problems > BrowserMatch ^Mozilla/4\.0[678] no-gzip > > # MSIE masquerades as Netscape, but it is fine > # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html > > # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 > # the above regex won't work. You can use the following > # workaround to get the desired effect: > BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html > > # Don't compress images > SetEnvIfNoCase Request_URI \ > \.(?:gif|jpe?g|png)$ no-gzip dont-vary > > # Make sure proxies don't deliver the wrong content > Header append Vary User-Agent env=!dont-vary > </Directory> > > WSGIScriptAlias / /srv/nfs/example/apache/example.wsgi > WSGIDaemonProcess example.com user=apache group=apache > processes=2 threads=5 display-name=%{GROUP} home=/tmp > WSGIProcessGroup example.com > > </VirtualHost> > > <VirtualHost *:443> > ServerAdmin [email protected] > ServerName example.com > > DocumentRoot /srv/nfs/example/www > > Alias /htc/ /srv/nfs/example/www/htc/ > Alias /img/ /srv/nfs/example/www/img/ > Alias /js/ /srv/nfs/example/www/js/ > Alias /maintenance/ /srv/nfs/example/www/maintenance/ > Alias /pdf/ /srv/nfs/example/www/pdf/ > Alias /soap/ /srv/nfs/example/www/soap/ > Alias /swf/ /srv/nfs/example/www/swf/ > Alias /utils/ /srv/nfs/example/www/utils/ > > ErrorLog ssl_error_log > TransferLog ssl_transfer_log > CustomLog syslog access > > SSLEngine on > SSLProtocol all -SSLv2 > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW > SSLCertificateFile /etc/httpd/ssl.d/trac.crt > SSLCertificateKeyFile /etc/httpd/ssl.d/trac.key > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > <Directory /srv/nfs/example/www> > Order deny,allow > Allow from all > > # Insert filter > SetOutputFilter DEFLATE > > # Netscape 4.x has some problems... > BrowserMatch ^Mozilla/4 gzip-only-text/html > > # Netscape 4.06-4.08 have some more problems > BrowserMatch ^Mozilla/4\.0[678] no-gzip > > # MSIE masquerades as Netscape, but it is fine > # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html > > # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 > # the above regex won't work. You can use the following > # workaround to get the desired effect: > BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html > > # Don't compress images > SetEnvIfNoCase Request_URI \ > \.(?:gif|jpe?g|png)$ no-gzip dont-vary > > # Make sure proxies don't deliver the wrong content > Header append Vary User-Agent env=!dont-vary > </Directory> > > WSGIScriptAlias / /srv/nfs/example/apache/example.wsgi > WSGIDaemonProcess ssl.example.com user=apache group=apache > processes=2 threads=5 display-name=%{GROUP} home=/tmp > WSGIProcessGroup ssl.example.com > > </VirtualHost> > > Any Ideas? -- Joshua Kugler Part-Time System Admin/Programmer http://www.eeinternet.com - Fairbanks, AK PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
