Does SSL affect performance nowadays?

Question

I remember years ago, one of the reasons for not using SSL was the it used a lot of resources, so it affected the performance of applications.

Nowadays, with the current technologies, is this still a point to bear in mind?

This question arose as a workmate is concerned that using SSL will hinder the performance of his application.

Why? The idea is that there will be thousands of clients that will be opening temporary connections every some determined time frame (I think it's set to 1 minute). So he's concerned that all the authentication process of all those clients is going to be very power consuming and affect the performance of his application. The other alternative is to use permanent connection so the authentication is done only once, but the CTO still hasn't decided which method we'll be using (last notice was temporary, hence this question).

Answer 1

In the last 4 years I have seen (benchmarked) iPhone AES encryption speeds increase 13x on iPhones. Speeds are also dependent on the data length since there are two parts: the setup and data encryption/decryption.

As usual benchmark your usage and judge if there is a performance issue.

As @EJP states, if you need security you need to use https (TLS) encryption.

Answer 2

The question is ill-formed. If you need security, you have little choice but to use SSL, and so comparing it to plaintext is completely pointless. If on the other hand you don't need security, you don't need SSL.

However I did an extensive experiment over the Internet some years ago, which showed that SSL was roughly 3x as slow as plaintext.