|
Home > Archive > Unix Programming > October 2005 > performance issues with https over http
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
performance issues with https over http
|
|
|
| Hi,
I am very new to use libcurl library (HTTP client in C). Here are the
problems I am facing:
1. I am using libcurl C library to hit a URL. When I am using normal
http, curl performs pretty well (max 1-2 sec) but when using https, it
takes huge time (1-12 sec) to give me the page content. Is this a
performace bottleneck using https? I have to use https, is there any
way to improve the performance?
2. I have a html page being generated by an Oracle procedure. I am able
to hit that procedure from a web browser and it gives me desired html
page. But when passing same url to curl utility, its not giving me the
page at all. Any ideas will be of great help.
Thanks
-A beginner
| |
| Henry Townsend 2005-10-24, 3:48 pm |
| Yogi wrote:
> Hi,
> I am very new to use libcurl library (HTTP client in C). Here are the
> problems I am facing:
You would do much better to join and ask this on the libcurl mailing
list. See the web page for a link.
> 1. I am using libcurl C library to hit a URL. When I am using normal
> http, curl performs pretty well (max 1-2 sec) but when using https, it
> takes huge time (1-12 sec) to give me the page content. Is this a
> performace bottleneck using https? I have to use https, is there any
> way to improve the performance?
Two obvious things you're missing:
1. You're mixing the transmission cost with the processing cost. How
much time is being used over on the server, and what proportion is it of
the total? Try benchmarking against a "cheap" URL like a static "hello
world" page or a "hello world" servlet instead. This will help you
isolate trnasmission/protocol delays.
2. Curl comes as a library ("libcurl") and a command-line program
("curl") which uses the library. The cmd line utility can be configured
to hit any kind of URL using the method of your choice, and it's safe to
assume that it's a correctly-written libcurl program. Therefore, the
first thing to do in these situations is to hit the same URL using
"curl". If it takes the same amount of time as your custom app, the
performance is either a function of the protocol or the server side. If
it's markedly faster, then you have a coding problem (for extra credit,
you could read the curl code and do what it does).
>
> 2. I have a html page being generated by an Oracle procedure. I am able
> to hit that procedure from a web browser and it gives me desired html
> page. But when passing same url to curl utility, its not giving me the
> page at all. Any ideas will be of great help.
There is copious documentation on the website. See
http://curl.haxx.se/docs/httpscripting.html in particular. Note
especially the parts about LiveHTTPHeaders. Quite frequently a libcurl
app must pretend to be (say) IE in order to get the same results.
HT
| |
|
| Hi Henry,
Thanks a lot for your response.
1. I ran curl command for two html pages. One with http containing huge
images n text part and other with https containing "hello world" text.
Still second test case is time consuming. Can I relate this to be a
function of protocol or a server?
2. I will go through the url provided to find solution to my second (2)
problem.
Thanks in advance.
| |
| Henry Townsend 2005-10-24, 3:48 pm |
| Yogi wrote:
> Hi Henry,
> Thanks a lot for your response.
> 1. I ran curl command for two html pages. One with http containing huge
> images n text part and other with https containing "hello world" text.
> Still second test case is time consuming. Can I relate this to be a
> function of protocol or a server?
If the server side takes trivial time, and the curl command takes
trivial time when using http but a lot more when using https, then the
problem is with https. That's simple logic. Of course there could be a
problem with your specific implementation of SSL, or you could even have
a networking problem causing traffic over port 443 to be slower than
traffic to port 80. But at the very least, libcurl is off the hook.
Note that the curl command has all sorts of support for reporting
timings. It can report the overall (round-trip) time or it can provide a
breakdown of how much is spent establishing the connection and how much
waiting for the server to respond, etc. The curl man page is long but
you will not regret reading it. More efficient than posting questions
and waiting for answers as well.
HT
| |
| Barry Margolin 2005-10-24, 3:48 pm |
| In article <1129818854.728699.24140@z14g2000cwz.googlegroups.com>,
"Yogi" <yogeshkagrawal@gmail.com> wrote:
> Hi Henry,
> Thanks a lot for your response.
> 1. I ran curl command for two html pages. One with http containing huge
> images n text part and other with https containing "hello world" text.
> Still second test case is time consuming. Can I relate this to be a
> function of protocol or a server?
What you might want to do is run tcpdump on port 443 while doing your
test. Then you can see whether there's a long delay before the server
sends back the response, or if the delay in the command occurs after the
response is sent back.
You won't actually be able to read the packet contents, because of SSL's
encryption, but you should be able to recognize the response because
it's a bunch of large packets (access one of the large pages for this
test).
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
| |
|
| Thanks a lot for all your responses. :-)
| |
| Martin Carpenter 2005-10-28, 4:53 pm |
|
"Barry Margolin" <barmar@alum.mit.edu> wrote:
> What you might want to do is run tcpdump on port 443 while
> doing your test. Then you can see whether there's a long
> delay before the server sends back the response, or if the
> delay in the command occurs after the response is sent back.
One other thought: the cURL implementation may be attempting to check the
validity of the server's certificate by checking a CRL or by making an OCSP
request. I'd check the cURL docs first to see if that's the case - I can't
say that I've noticed this in my excursions with cURL.
(Since Yogi didn't mention client authentication, I'm assuming that's not
being attempted).
|
|
|
|
|