LiteSpeed https performance

bobykus

Well-Known Member
#1
With a new trend from Google coming, all sites should have an SSL cert installed and all traffic should be protected.
Which is a real challenge for hosters, as it requires some additional resources even for certificate management.
As for web servers, I was wondering how our brilliant LiteSpeed behaves with all sites using https. Here is a test platform I built.

1. LiteSpeed 2CPU Enterprise 5.1.2 / 5.0.12 (switching between)
2. CentOS 6.7 2.6.32-504.8.1.el6.x86_64, 4 CPU/20G RAM
3. 1k web sites / virtual hosts

I run the test against plain html with the siege tool

siege -c400 -d3 -i -f sites.txt --time=10M
siege -c400 -d3 -i -f site.txt --time=10M

sites.txt contains 1k lines with URLs pointing to simple html with https
site.txt contains 1k lines with URLs pointing to simple html with http


Here are the results for https


Lifting the server siege... done.

Transactions: 65589 hits
Availability: 99.98 %
Elapsed time: 599.43 secs
Data transferred: 113.73 MB
Response time: 2.04 secs
Transaction rate: 109.42 trans/sec
Throughput: 0.19 MB/sec
Concurrency: 222.98
Successful transactions: 65594
Failed transactions: 14
Longest transaction: 66.31
Shortest transaction: 0.00



and here for http

Transactions: 108795 hits
Availability: 100.00 %
Elapsed time: 599.80 secs
Data transferred: 188.63 MB
Response time: 0.70 secs
Transaction rate: 181.39 trans/sec
Throughput: 0.31 MB/sec
Concurrency: 126.16
Successful transactions: 108795
Failed transactions: 0
Longest transaction: 33.07
Shortest transaction: 0.00


As you see, the reply from https is at least 3 times slower than http, and more than that, the CPU load for https is 30% higher than http. Here are the settings for LiteSpeed in Server > Tuning > SSL Global Settings (5.1.2 only)


SSL Hardware Accelerator (aesni) Intel AES-NI engine
Enable Session Cache Yes
Session Cache Size (bytes) 512000
Session Cache Timeout (secs) 1000



and listeners

SSL Private Key & Certificate 
Private Key File /hsphere/shared/apache2/conf/ssl.key/surftown.com.key
Certificate File /hsphere/shared/apache2/conf/ssl.crt/surftown.com.crt
Chained Certificate Not Set
CA Certificate Path /hsphere/shared/apache2/conf/ssl.crt/
CA Certificate File /hsphere/shared/apache2/conf/ssl.crt/ca-bundle.crt
SSL Protocol TLS v1.1 TLS v1.2
Ciphers 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!RC4-SHA
Enable ECDH Key Exchange Yes
Enable DH Key Exchange Yes
DH Parameter Not Set
SSL Renegotiation Protection Yes
Enable Session Cache Yes
Enable Session Tickets Yes
Enable SPDY/HTTP2 HTTP/2


In general 5.1 is much faster and utilizes CPU better. However, it is still super slow on https in comparison to http.
Are there any recommendations on how to optimize LiteSpeed to run on https fast enough on heavily loaded servers?
Any tips and tricks?
 

mistwang

LiteSpeed Staff
#2
HTTPS won't be able to match HTTP. sendfile() system call cannot be used.
Serving HTTPS traffic is CPU bound, as every byte has to be encrypted/decrypted. A fully utilized multi-core license should help.

Your test does not use HTTP/2 to save HTTPS handshake cost.
 

bobykus

Well-Known Member
#3
Do you know any test tool that uses http/v2? I was not able to run jmeter because of the self-signed ssl certs I used as a test.
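
Added example, not part of the thread and not LiteSpeed code: a Python script that times full versus resumed TLS handshakes, which shows whether the session cache and session tickets from post #1 actually reduce the handshake cost raised in reply #2. The function names, the host argument and the SAMPLE timings are constructed for illustration; certificate verification is disabled only because the lab host in this thread uses self-signed certificates.

```python
import socket, ssl, statistics, sys, time

# Constructed sample: (handshake seconds, session_reused) pairs, not real data.
SAMPLE = [(0.040, False), (0.010, True), (0.050, False),
          (0.012, True), (0.045, False), (0.011, True)]

def lab_context():
    """Client context for a lab host with a self-signed certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # lab only: the test cert is self-signed
    ctx.verify_mode = ssl.CERT_NONE   # never use this against production
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # listener: TLS v1.1/v1.2
    return ctx

def handshake(ctx, host, port=443, session=None):
    """Time one TLS handshake; returns (seconds, session, was_resumed)."""
    with socket.create_connection((host, port), timeout=10) as raw:
        start = time.perf_counter()
        with ctx.wrap_socket(raw, server_hostname=host, session=session) as tls:
            elapsed = time.perf_counter() - start
            return elapsed, tls.session, tls.session_reused

def measure(host, port=443, rounds=20):
    """Per round: one full handshake, then one that offers its session back."""
    ctx, samples = lab_context(), []
    for _ in range(rounds):
        t_full, session, reused = handshake(ctx, host, port)
        samples.append((t_full, reused))
        t_res, _, reused = handshake(ctx, host, port, session)
        samples.append((t_res, reused))
    return samples

def summarize(samples):
    """Median handshake time (ms) for full and resumed connections."""
    def median_ms(values):
        return round(statistics.median(values) * 1000, 1) if values else None
    full = [t for t, reused in samples if not reused]
    resumed = [t for t, reused in samples if reused]
    return {"full_ms": median_ms(full), "resumed_ms": median_ms(resumed),
            "resumed_share": round(len(resumed) / len(samples), 2)}

if __name__ == "__main__":
    # Usage: python tls_handshake.py <lab-host> [port]; no args uses SAMPLE.
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        print(summarize(measure(sys.argv[1], port)))
    else:
        print(summarize(SAMPLE))
```

A resumed_share near 0.5 means every second handshake was resumed as intended; a value of 0.0 means the server is not honoring the session cache or tickets for this client.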
 