Performance Considerations for Attorneys When Moving to SSL
Chris Dreyer | March 11, 2016
Attorneys moving their site to HTTPS need to consider the performance impact that the change will have. After all, it’s not like you are just flipping a switch to have a different URL displayed. There are a lot of things going on behind the scenes when it comes to serving secure pages. There are also other important considerations to investigate so your site continues to function the way it did on http.
How HTTPS Works
It helps to know what is happening behind the scenes with a secure connection vs a non-secure connection on the web. Regardless of whether there is an encrypted connection or not, all browsers request information from servers based on the code that is written for a website.
While steps can vary, the basic process that happens is:
• A “handshake” scenario takes place in which the server verifies the website is who it says it is and vis versa
• The site and the server agree on an encryption method through which information can be exchanged
• The site and the server agree on what keys will be used for the algorithm
These steps are extremely complicated and a lot can go wrong in the process causing a web page not to render. When things do go well, all of these interactions need to happen in just a second or two so that the user does not have to wait long to view the content they came to see.
There isn’t one set of concerns for every website when it comes to HTTPS and SSL certificates. Every configuration is different and every website is different. For the most part, many attorney websites are informational in nature. They often don’t have dynamically created pages or complicated ecommerce components.
The most resource-intensive part of the whole SSL process is the handshake. Ironically on sites that server a relatively small number of static pages, the addition of SSL can cause things to slow down. Conversely, sites that server dynamic pages tend not to be affected too much by the addition of SSL.
Other things being equal (i.e. if a site has already been optimized for speed), adding SSL is not going to slow things down enough to make a difference for users. You should always do your homework on adding SSL to your site.
There are some good posts out there on what SSL is, how it works, and things to consider when implementing it on your website. Check out forums and other resources related to SSL and you can always do a test in a controlled environment to see if adding SSL to the site will cause too much of a headache for your users.
This means that not only your pages need to be delivered over a secure connection but also all of the other files associated with your website and these can be tricky to find. Here is a short list of places to check when converting your site over:
• Look in your style sheets for absolute URLs
• Go through previous posts that have images and if they don’t have relative URLs already, make them that way or add HTTPS
• You’ll have to go through your plugins on a WordPress site and make sure all of their resources are delivered over HTTPS
If you aren’t sure how to find these files, you can use the Chrome Elements panel to find them. If you already have SSL installed on your site and are having issues finding other resources that are causing errors, the tool is a life-saver.
Visit the page where the error is occurring (using Chrome), right click and select inspect element. A panel will appear at the bottom of the screen and by default it will be the HTML of the page. Click on the console tab. You may have to refresh the page and then you will see any errors in the list related to HTTP and HTTPS.
Google’s announcement that SSL was going to be used as a rank factor was a freebie for many webmasters but there are some important considerations before you go changing everything over.
What challenges have you run into when changing your site over to SSL? How did you solve them? Join in the conversation by commenting below.