Does TLS have to encrypt the whole file before sending it down?
I've experienced a CPU usage surge coming from a WCF service that sends large files to requesting clients over HTTPS. Does TLS need to encrypt the whole file before sending it down or does it just encrypt the packets? I'm trying to find out what in the service is causing the surge as the WCF method responsible just serves files on disk. These files used to be smaller and so was the CPU load. There is only one endpoint with a binding that uses streaming and MTOM.
Regards, F
TLS encrypts only the packets. The file you are sending is not encrypted, the communication of that file is encrypted -- it's a subtle but important difference.
Of course, using HTTPS does decrease scalability (because of server affinity caused by the HTTPS session) and degrade performance, but you can fix that by using special HTTPS hardware in your server.
SSL and TLS act at the transport layer, so anything sent over that session should be encrypted at the time of sending, and immediately decrypted upon receiving it. That means they can still be used to effectively secure streams or other open-ended communications.
Because the encryption will only happen as fast as the communication link, it should be reasonably constant. If you're seeing performance problems, it may simply be due to your files being larger, meaning proportionally more processing and time. Of course, if you have many clients requesting data at the same time, and it all needs to be encrypted, you'll soon reach the limit of either the processor or the network device. That's why web sites that support SSL often choose to secure only very specific sections, like login and password changing pages. If they secured every single request, they would get overloaded.
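The following Python model is an added example, not part of the original thread. It frames a streamed file into TLS records and then walks the record headers, showing that the sender never holds more than one fragment of plaintext however large the file is. It assumes TLS 1.3 with a 16-byte AEAD tag and full-size fragments; the function names are hypothetical and zero bytes stand in for ciphertext.

```python
import io
import struct

MAX_PLAINTEXT = 2 ** 14               # TLS limit on plaintext bytes per record
MAX_CIPHERTEXT = MAX_PLAINTEXT + 256  # TLS 1.3 limit on a protected record
APPLICATION_DATA = 23                 # record content type for application data
AEAD_OVERHEAD = 1 + 16                # assumed: inner type byte + 16-byte AEAD tag


def frame_stream(source, out):
    """Sender side: read one fragment at a time and emit one record for each.

    Zero bytes stand in for ciphertext (constructed; no real cipher is run).
    Returns the largest number of plaintext bytes held at once.
    """
    peak = 0
    while True:
        fragment = source.read(MAX_PLAINTEXT)
        if not fragment:
            return peak
        peak = max(peak, len(fragment))
        body = bytes(len(fragment) + AEAD_OVERHEAD)
        out.write(struct.pack("!BHH", APPLICATION_DATA, 0x0303, len(body)) + body)


def iter_records(stream):
    """Capture side: walk the 5-byte record headers (type, version, length)."""
    while True:
        header = stream.read(5)
        if not header:
            return
        if len(header) < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack("!BHH", header)
        if length > MAX_CIPHERTEXT:
            raise ValueError(f"record length {length} exceeds TLS limit")
        if len(stream.read(length)) < length:
            raise ValueError("truncated record body")
        yield ctype, version, length


def summarize(file_size):
    """Frame a constructed file of file_size bytes and report what hit the wire."""
    wire = io.BytesIO()
    peak = frame_stream(io.BytesIO(bytes(file_size)), wire)
    wire.seek(0)
    lengths = [n for ctype, _, n in iter_records(wire) if ctype == APPLICATION_DATA]
    return {"records": len(lengths), "largest_record": max(lengths, default=0),
            "peak_plaintext_in_memory": peak}
```

The record count grows linearly with file size while the peak plaintext buffer stays at one fragment, so the cipher work scales with the bytes sent rather than with a one-off whole-file pass.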