SSL Slowdown: The Downside Of A Super Secure Website (and How To Avoid It)

Whether you’re adding an alarm system to your home or putting nachos in a lockbox because you just can't control your late night cravings, you probably realize that adding more security to something not only adds more protection, but it also adds to the amount of time it takes to access whatever you've secured.

At first you may think that it's a worthwhile trade-off. But imagine how you’ll feel when you’re trying to reach that bag of chips at one in the morning and you can’t get the padlock open, or you’re trying to get in the front door with four grocery bags on each arm, and attempting to enter a four-digit code with your pinky.

Take those feelings, and then add an even bigger dash of impatience and unreasonableness. That’s approximately how your website’s users feel about the extra time it takes to get to your website if you’re using SSL. But if you need SSL, you need SSL, so what to do?

What SSL does

SSL stands for secure sockets layer, and it’s a security technology used to establish encrypted connections between a browser and a website. It basically works by building on the standard TCP handshake, which is what occurs when a browser first connects to a website. The browser sends a connection request to the website’s server, the server responds with an acknowledgment, and then the browser sends back an acknowledgment of its own. And just like that, a user is free to use a website.

As CDN provider Imperva Incapsula explains, the SSL handshake tacks a few extra steps onto the TCP handshake. In addition to the request and acknowledgments, the browser and server also have to agree on a method of encryption, go through a verification process, and then generate the keys that will encode and decode the information exchanged between the user and the website.

What SSL also does

As you’ve probably inferred, adding those extra steps into the handshake process increases how long it takes to complete that handshake, and therefore increases how long it takes for a user to connect to a website.

While the standard TCP handshake takes just one round trip, an SSL handshake requires an additional two round trips, at least. So it essentially triples how long it takes for a user to connect. That wouldn’t be such a big deal, except that we live in a time of a seemingly endless internet populated with an untold number of competing websites. People aren’t willing to stick around. If your website takes too long, they’ll abandon it for a competitor.

A price that must be paid…or is it?

Websites that require encryption simply cannot go without SSL, no matter what it does to their site speeds. It’s unconscionable. The websites that require SSL are the ones that are in the business of exchanging any personal or sensitive information – emails, logins and passwords, not to mention phone numbers, home addresses and financial information.

If any of this data goes unencrypted, it's left open to man in the middle attackers that position themselves between the browser and website, eavesdropping on this very confidential information with ease. With SSL, all these attackers will ever see is garbled cryptography, which they will not be able to unscramble.

The benefits of SSL far outweigh the cost of a slower website, but try telling that to website and business owners who are losing conversions and sales due to lag. Good thing then that there’s a way to speed a secure website right back up again.

CDN – reducing travel time

A content delivery network (CDN) is a worldwide network of cache servers designed to serve up a website’s content to users as fast as possible. The main way it does this is by cutting down the physical distance between users and servers – each user is redirected to the server closest to them, reducing how far data has to travel. This speeds up the round trip time of a website, which means that the benefits are tripled when it comes to the SSL handshake, which requires three round trips.

A CDN also majorly boosts site speed by caching content in each of its servers, eliminating many lengthy trips to the origin server. It offers other benefits as well, such as built-in load protection, DDoS protection, network optimization and bandwidth and resource management, making it an excellent option for anyone with a website, not just those with encrypted sites.

Think of a CDN like a home alarm system that offers all the protection you need, but recognizes you by the smell of your hair as you breeze through the door so you don’t actually have to spend any extra time trying to get through security.  Stop locking up your nachos and you’re looking at a pretty ideal world.