[support] Drupal on HTTPS

Daniel Carrera daniel.carrera at zmsl.com
Thu Oct 23 20:10:54 UTC 2008 

Thanks. I guess I might need to benchmark during a high period and see.

The website generally doesn't get a lot of hits, and we don't serve very 
large files. It's mostly text. But we might see more traffic on the last 
week of school.

Metzler, David wrote:
> It depends on many factors. The primary performance concern is
> encrypt/decrypt of the data and its impact on cpu.  Image files, large
> pdf documents, etc when encrypted can cause CPU performance impact.   If
> your browsers cache much of this content it's not a huge load, but of
> course you need to think about how many concurrent hits you're likely to
> get on your site. 
> 
> Also understand that this means that the clients need to decrypt the
> data. So again if you're sending say a big .wav file to grandmas 6 year
> old computer that is loaded with AV software and that old clunker has to
> decrypt the content and then scan it for viruses, well grandma may
> decide not to watch that movie after all. 
> 
> I guess what I'm saying is that if you're doing regular text, with small
> numbers of images and you don't expect an insane amount of hits, and
> you're not shared hosting, and you're server is reasonably current as
> far as CPU is concerned, you probably aren't going to notice too much. 
> 
> But if your target audience has old clunkers, or you are planning on
> putting up heavy content, or you aren't blessed with an abundance of
> CPU, then it's probably worth your while to set up securepages, and make
> sure your site can respond to https and http.  Frankly that last step
> I'd do anyway so you can advertise example.com without users having to
> remember to type https. 
> 
> Either way you can pretty much look at CPU load to determine whether
> this is an issue for you. 
> 
> Good luck, 
> 
> Dave
>  
> 
> 
> -----Original Message-----
> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
> Behalf Of Daniel Carrera
> Sent: Thursday, October 23, 2008 1:48 AM
> To: support at drupal.org
> Subject: Re: [support] Drupal on HTTPS
> 
> Thanks.
> 
> You mention performance issues. How bad is it? I spent several hours
> Googling and I found two papers. One that claims that the delay due to
> HTTPS is minimal and another that claims that the delay is significant.
> :-(
> 
> Metzler, David wrote:
>> Naw we do this (Aside from the obvious performance issues about 
>> decripting data for large numbers of hits).  There's a securepages 
>> module out there to force redirects on certain pages if your 
>> interested in making sur ethat just the login informatioin or user 
>> information happens over https.
>>
>> http://drupal.org/project/securepages
>>
>> Dave
>>
>> -----Original Message-----
>> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] 
>> On Behalf Of Daniel Carrera
>> Sent: Wednesday, October 22, 2008 1:07 PM
>> To: support at drupal.org
>> Subject: [support] Drupal on HTTPS
>>
>> Hello,
>>
>> Is there any harm in serving Drupal over HTTPS instead of HTTP?
>>
>> I want the Drupal login to be on HTTPS because I just don't like 
>> sending passwords in plain text. But with Apache it is no more work to
> 
>> make the entire site run on HTTPS versus just one page. In fact, it
> seems easier.
>> So, I was wondering, is there any good reason not to serve a Drupal 
>> site over HTTPS? It seems a bit odd, but I figure, if I already have 
>> an SSL certificate, I figure, what's the harm?
>>
>> Thanks.
>> Daniel
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
> 
> --
> [ Drupal support list | http://lists.drupal.org/ ]

More information about the support mailing list