• 15
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Are some SSL certificates able to handle more traffic?

I had a free SSL certificate that was working fine when my site had lower traffic - but the traffic has increased, and now users frequently receive errors establishing a secure connection. Some of these are fallback errors, and some just say error establishing secure connection. I'm wondering if what certificate I have makes a difference in how much traffic it can handle? Is there a company that grants certificates better able to handle high-traffic situations?

The certificate itself does not affect the scaling of the application. The performance might be affected by the size of the certificate and the chain, so a short certificate chain might perform better. But in practice this does not matter that much as long as session reuse is enabled at the server side (usually the default configuration).

I think the main problem you have is that your side does not scale well, independent of the certificate. More users means higher load at the server and more use of bandwidth and if any of these resources is tight packets will be lost or will be processed too slow. In this case you get a variety of problems, including SSL downgrading or failure to establish the connection.

  • 6
Reply Report
      • 2
    • @JonathanBasile: with openssl you can do openssl s_client -reconnect -state -prexit -connect server:port and check if the same Session-Id is given all the time in the debug output.

It could also be an issue with the activity of SSL's lately with SHA1 and actually a coincidence with the timing and your site's traffic.

What server are you using, have you looked into SSL Offloading? What about using a CDN that supports SSL like CloudFlare or Incapsula.

With Fallback issues, check what score you get on and try to correct any issues.

https://www.ssllabs.com/ssltest/

  • 1
Reply Report

Most of the time, it should have no effect, but I would certainly think that the size of the key should be taken into account, especially in extremely high traffic situations where multiple users are hitting the site over and over again. If you take all of the traffic into account, decrypting 2048-bit-encrypted requests would certainly perform better than decrypting 4096-bit encrypted traffic, and I imagine that certain algorithms could have a contributing factor as well. But I would imagine this would only contribute to extremely high-traffic scenarios where users re-connect frequently.

  • 0
Reply Report
      • 1
    • But those very institutions are the ones least likely to want to use shorter keys. In my experience, financial institutions will either use a pool of servers (so scaling is just a matter of deepening the pool) or use hardware-assisted SSL (or both).
    • The question is not "How to prevent some SSL certificates from affecting traffic" -- so I believe you are negating your point by saying that these organizations would want to use shorter keys in order to improve performance. The fact remains that larger keys have an effect on performance. It is indeed a minuscule effect, but on very large scales, this effect is visible unless certain measures are taken in order to counterbalance this effect.

Trending Tags