
HTTP and HTTPS in HLD - Scalability & System Analysis

Scalability Analysis - HTTP and HTTPS
Growth Table: HTTP and HTTPS Scaling
| Users | Traffic Characteristics | Infrastructure Impact | Security Considerations |
|---|---|---|---|
| 100 users | Low requests per second (RPS), mostly HTTP or HTTPS | Single server can handle all traffic | HTTPS overhead negligible, simple SSL cert management |
| 10,000 users | Moderate RPS, mostly HTTPS for security | Need load balancer, multiple servers, SSL termination | SSL handshake CPU cost noticeable, use session resumption |
| 1,000,000 users | High RPS, mostly HTTPS, many concurrent connections | Multiple load balancers, SSL offloading hardware or CDN, caching layers | Use TLS session tickets, OCSP stapling, strong cipher suites |
| 100,000,000 users | Very high RPS, global distribution, HTTPS everywhere | Global CDN with SSL termination, edge caching, distributed load balancers | Automated cert management, strict security policies, DDoS protection |

First Bottleneck

The first bottleneck is the CPU cost of the SSL/TLS handshake on the web servers or load balancers. HTTPS requires encryption and decryption, which use more CPU than plain HTTP. At moderate to high traffic, this CPU overhead limits how many connections a server can handle.

Scaling Solutions
  • SSL Termination at Load Balancer or CDN: Offload encryption work from app servers.
  • Use Session Resumption: TLS session tickets or session IDs reduce handshake cost.
  • Horizontal Scaling: Add more servers behind load balancers to handle more connections.
  • Global CDN: Cache static content and terminate HTTPS close to users to reduce latency and load.
  • Hardware Accelerators: Use dedicated SSL/TLS hardware or optimized libraries for encryption.
Back-of-Envelope Cost Analysis
  • At 10,000 users, assuming 1 request per second per user -> 10,000 RPS.
  • Single server handles ~5,000 concurrent HTTPS connections due to CPU limits.
  • Bandwidth: 1 Gbps network supports ~125 MB/s; HTTPS adds ~10-20% overhead.
  • Storage for logs and certificates is minimal compared to traffic volume.
  • SSL handshake CPU cost can be 10x higher than plain HTTP request processing.
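
The estimate above can be turned into a small capacity model. This is an added example, not part of the original page: it takes the page's 10x handshake figure and compares app-server counts with TLS on the app tier, with session resumption, and with termination upstream. The resumed-handshake cost, per-request crypto cost, per-server CPU budget, new-connection ratio and all function names are assumptions chosen for illustration.

```python
import math

# From the page: a full TLS handshake can cost ~10x a plain HTTP request.
FULL_HANDSHAKE_COST = 10.0
# Assumptions (not from the page), in "plain-request CPU units":
RESUMED_HANDSHAKE_COST = 1.0  # resumed handshake skips the asymmetric key exchange
RECORD_CRYPTO_COST = 0.2      # symmetric encrypt/decrypt work per request
SERVER_BUDGET = 5000.0        # CPU units per second per server (assumed; not the
                              # page's concurrent-connection figure)


def cpu_units(rps, new_conn_ratio, resumption_rate, tls_here=True):
    """CPU units per second a tier spends serving `rps` requests.

    new_conn_ratio:  fraction of requests that open a new connection
                     (the rest reuse a keep-alive connection).
    resumption_rate: fraction of new connections that resume a TLS session.
    tls_here:        False when TLS is terminated upstream (LB or CDN).
    """
    if not (0 <= new_conn_ratio <= 1 and 0 <= resumption_rate <= 1):
        raise ValueError("ratios must be within [0, 1]")
    request_work = rps * 1.0
    if not tls_here:
        return request_work
    new_conns = rps * new_conn_ratio
    full = new_conns * (1 - resumption_rate) * FULL_HANDSHAKE_COST
    resumed = new_conns * resumption_rate * RESUMED_HANDSHAKE_COST
    return request_work + full + resumed + rps * RECORD_CRYPTO_COST


def servers_needed(rps, new_conn_ratio, resumption_rate, tls_here=True):
    """Round the CPU demand up to whole servers."""
    units = cpu_units(rps, new_conn_ratio, resumption_rate, tls_here)
    return math.ceil(units / SERVER_BUDGET)


def compare(rps, new_conn_ratio=0.2):
    """App-server counts for three of the scaling options listed above."""
    return {
        "tls_on_app_no_resumption": servers_needed(rps, new_conn_ratio, 0.0),
        "tls_on_app_80pct_resumption": servers_needed(rps, new_conn_ratio, 0.8),
        "tls_terminated_upstream": servers_needed(rps, new_conn_ratio, 0.0, False),
    }


if __name__ == "__main__":
    for rps in (1_000, 10_000):
        print(rps, compare(rps))
```

Termination upstream moves the handshake cost to the load balancer or CDN rather than removing it, so the same model applies to that tier with `tls_here=True`. The hop from the terminator to the app servers is then unencrypted unless it is re-encrypted.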
Interview Tip

Start by explaining the difference between HTTP and HTTPS in terms of security and overhead. Then discuss how HTTPS adds CPU and latency costs due to encryption. Identify the SSL handshake as the first bottleneck. Propose offloading SSL to load balancers or CDNs and using session resumption. Finally, mention horizontal scaling and global CDNs for large scale.

Self Check Question

Your web server handles 1000 HTTPS requests per second. Traffic grows 10x to 10,000 RPS. What is your first action and why?

Answer: Offload SSL termination to a load balancer or CDN to reduce CPU load on the web server, because SSL handshakes consume significant CPU and limit concurrency.

Key Result
HTTPS adds CPU overhead due to encryption, making the SSL/TLS handshake the first bottleneck as traffic grows. Offloading SSL termination and using CDNs are key to scaling securely.