HTTPS vs HTTP speed comparison

Question

Update 2013-04-25:

This is a popular question that is getting more attention than it probably should. In order to stop the spread of misinformation please read the following paragraphs and the accompanying article first:

Speed should not be a factor in deciding whether to use HTTPS or HTTP. If you need HTTPS for any part of your site (log-ins, registration, credit cards, etc), you absolutely need HTTPS for all of it, all the time.

Please read SSL is not about encryption by Troy Hunt for the reasons why.

---

I'm considered running my entire e-commerce website under https. I decided to run a crude benchmark to measure the download time of a 156KB image through https vs http because I had read that https is burdened with additional overhead from the encryption process.

Benchmark was performed using Firefox's Firebug simply by transcribing the "Waiting" and "Receiving" times (all other times are 0) to Excel from the Net panel when downloading the image from an empty cache.

My results were unexpected:

http: 11.233 seconds Waiting     Receiving   Total  1.56        0.88        2.44  1.55        0.101       1.651  1.53        0.9         2.43  1.71        0.172       1.882  1.9         0.93        2.83   https: 9.936 seconds Waiting     Receiving  Total 0.867       1.59       2.457 0.4         1.67       2.07 0.277       1.5        1.777 0.536       1.29       1.826 0.256       1.55       1.806 

[Obvious] Observations from benchmark:

• The server response is faster but the download time is slower for https than http.
• https is faster overall by a significant amount (~10%).

Can anyone explain why this would happen?
Do you think a document (html,css,javascript) will give different results?
Does anyone have a better method of benchmarking downloads?

---

Here is the test image:

[test image removed]

Additional Information:

• The website is on a shared hosting account through Godaddy.com.
• If you are going to be so kind as to run your own benchmark don't add the "www" subdomain...I use the root for static content anyway.
• Uses IIS7 in Integrated Pipeline Mode.

Edit: benchmark for 1px GIF (35 bytes) below:

http: 2.666 seconds Waiting     Receiving  Total 0.122       0.31       0.432 0.184       0.34       0.524 0.122       0.36       0.482 0.122       0.34       0.462 0.126       0.64       0.766   https: 2.604 seconds Waiting     Receiving  Total 0.25        0.34       0.59 0.118       0.34       0.458 0.12        0.34       0.46 0.182       0.31       0.492 0.134       0.47       0.604 

Results: https is still faster; though trivially in this case.

If anyone sees a flaw in my benchmark let me know so I can post better results.

So, on Godaddy shared hosting at around 6:00pm on my specific server content served over https is faster than over http.

Answer 1

If you look at your times http has bigger waiting time and smaller receiving time. https on the other hand has smaller waiting time and bigger receiving time. I would interpret this as the http port on the shared hosting server is more busy, thus a request stays longer in the queue until is accepted by the server. Once accepted, the requests is transferred faster than https. On the https port there is less traffic on the server so the request is serviced faster but takes longer to transfer.

For any https vs. http comparison you'll have to take into account the bigger time to handshake each request for https compared with http. You should see worsening when doing many small requests.

Answer 2

You may also want to take into account that HTTPS documents will almost never be cached anywhere except the users browser, so you might find that while there's little difference to an individual user, an HTTP document can be significantly quicker for large numbers of people sharing a cache. (It's still quite common in some places for ISPs to put their customers through a shared proxy cache)

If it's something that you don't mind users sharing, of course.