Why Is SSL So Slow Over Satellite

SSL is EXTREMELY punishing over connections with high "latency". To understand why, we need to look a little under the bonnet and also briefly describe how computers move data around.

Background

First we need a few definitions:

  • "Latency" is the time it takes your computer to "say something" and for that to cross the network and be heard by the computer on the other end (and for it to do something in return). This is bounded by the speed of light (which is not as fast as it's cracked up to be) and also by other delays due to internet routing. As a finger-in-the-air number, we see delays of around 1 second to send some data across Iridium or Inmarsat and get a response back again.
  • "Protocols" is the word we use for the way computers talk to each other. Essentially, computer conversations follow stiffly defined "templates" and cannot deviate from them. Frequently these protocols are defined in a way where some data is sent, then the sender must pause and wait for an answer before sending more information. It's this pausing and waiting step which kills us on "high latency" connections such as satellite. For example, when sending an email:
    • we first ask if it's ok to send
    • we wait to be told yes
    • then we send the sender email address and wait for acceptance
    • then we send the recipient email address and wait for acceptance
    • then we send the body of the email and wait for acceptance...

Hopefully it's clear that it's all this waiting around which incurs a 1 second delay each time, and these 1 second delays soon start to add up.

SSL or TLS "Protocol"

All modern web and email encryption uses a protocol called SSL, or its newer sibling TLS. The internals of this involve:

  1. a 9 step handshake
  2. a significant amount of data (4-6KB) for sending encryption certificates

Iridium sends data at around 0.3KB per second, so the certificate exchange takes at least 15 seconds or so. The 9 step handshake adds around 9 seconds just waiting for the replies to come back. In addition, each of these steps transmits some data, and that transmission takes a second or so per step.

So the theoretical handshake time is of the order:

  • 9 seconds waiting for replies
  • 6-15 seconds to send the data in the replies
  • 15+ seconds to send certificates

Total of 30+ seconds to set up the SSL/TLS connection.

The emphasis is on these being theoretical connection times. In practice, random delays and trying to set up 2 connections (one to send emails, one to receive new emails) will delay each individual connection setup.

Packet Overhead

Finally, note that data is sent across computer networks not 1 character at a time, but wrapped up in chunks we call "packets". Each packet can be up to around 1,500 characters in size, but SSL/TLS adds an additional overhead of around 40 characters. This doesn't sound like much if you say it quickly, but remember you get around 300 characters a second through an Iridium dialup connection, so it's quite a sizeable cost at these kinds of speeds.
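
The handshake estimate and the packet overhead above can be combined into a small calculator, so the breakdown can be recomputed for a different link speed, latency or certificate size. This is an added example, not part of the original article. Assumptions: the 200-500 character step sizes are back-calculated from the 6-15 second figure, and the overhead is applied as 40 extra characters on every packet of up to 1,500 characters.

```python
import math
from dataclasses import dataclass


@dataclass
class Link:
    bytes_per_s: float           # usable throughput (article: ~300 for Iridium)
    latency_s: float             # send something and hear the reply (~1 s)
    packet_payload: int = 1500   # characters per packet (article's figure)
    packet_overhead: int = 40    # extra characters per packet (article's figure)

    def tx_seconds(self, payload_bytes: int) -> float:
        """Time to push payload_bytes through the link, overhead included."""
        packets = math.ceil(payload_bytes / self.packet_payload)
        wire_bytes = payload_bytes + packets * self.packet_overhead
        return wire_bytes / self.bytes_per_s


def handshake_estimate(link: Link, steps: int, step_bytes: int, cert_bytes: int) -> dict:
    """Split the handshake time into waiting, step data and certificate data."""
    waiting = steps * link.latency_s                 # pausing for each reply
    step_tx = steps * link.tx_seconds(step_bytes)    # data sent in each step
    cert_tx = link.tx_seconds(cert_bytes)            # certificate exchange
    return {
        "waiting": waiting,
        "step_tx": step_tx,
        "cert_tx": cert_tx,
        "total": waiting + step_tx + cert_tx,
    }


IRIDIUM = Link(bytes_per_s=300, latency_s=1.0)


def iridium_range():
    """Low and high ends of the article's ranges (step sizes are assumed)."""
    low = handshake_estimate(IRIDIUM, steps=9, step_bytes=200, cert_bytes=4000)
    high = handshake_estimate(IRIDIUM, steps=9, step_bytes=500, cert_bytes=6000)
    return low, high


if __name__ == "__main__":
    for label, est in zip(("low", "high"), iridium_range()):
        print(label, {name: round(secs, 1) for name, secs in est.items()})
```

With these inputs the total comes out at roughly 30 to 46 seconds, and most of it is certificate and step data rather than waiting.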