Keyless SSL adds a little latency the first time a user connects to a Keyless SSL protected website, but this additional delay is only on the initial connection. The exact delay depends on the network latency between the user's Cloudflare edge server and the origin, and is generally in the tens or hundreds of milliseconds.
We have two key performance technologies which mitigate the potential performance impact of using Keyless SSL:
1) Session cache and session tickets: these two technologies (supported on different browsers) allow Keyless to re-use session symmetric keys previously negotiated, allowing SSL sessions without requiring a new connection to the Keyless SSL client, provided a session has previously been negotiated with that user.
2) Persistent connections: this allows the connection between the keyless client and Cloudflare's infrastructure to remain open permanently, eliminating connection setup overhead when a user connects to the site.
The exact performance impact of Keyless SSL compared to origin-terminated SSL varies based on latency between the end user, Cloudflare, and the origin, and in many cases Keyless SSL can be faster even for the first connection by a given client; it is essentially always faster on all subsequent connections than direct-to-origin SSL connections would be.