Current time: 11-14-2019, 04:03 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
high SSL negotiation time on each request
11-14-2013, 01:59 AM
Post: #1
high SSL negotiation time on each request
My test shows, high ssl negotiation for ie8
http://www.webpagetest.org/result/131113...1/details/

Is there anything I can do on the server to fix this.
Find all posts by this user
Quote this message in a reply
11-15-2013, 12:27 AM
Post: #2
RE: high SSL negotiation time on each request
Seems to be less of a problem at other test locations:
http://www.webpagetest.org/result/131114...1/details/
http://www.webpagetest.org/result/131114...1/details/

Your version of OpenSSL is quite old: 0.9.8 was released in 2005. Consider upgrading to RHEL6 (many advantages to that beside OpenSSL), which comes with 1.0.0 (released in 2009). You'll also benefit from Perfect forward secrecy, introduced with v1.
Find all posts by this user
Quote this message in a reply
11-17-2013, 08:50 AM
Post: #3
RE: high SSL negotiation time on each request
(11-14-2013 01:59 AM)tradiechoice Wrote:  My test shows, high ssl negotiation for ie8
http://www.webpagetest.org/result/131113...1/details/

Is there anything I can do on the server to fix this.

Turn on TCP keep-alive, serve the site and intermediate certificates together, enable SSL session resumption

Andy

Using WebPageTest - http://usingwpt.com/
Visit this user's website Find all posts by this user
Quote this message in a reply
11-19-2013, 01:03 AM
Post: #4
RE: high SSL negotiation time on each request
Yikes - yeah, keep-alives. Not having keep-alives sucks for non-SSL sites but it's insane for SSL sites.

And pretty much everything else Andy mentioned - but keep-alives first.
Visit this user's website Find all posts by this user
Quote this message in a reply
11-19-2013, 04:29 AM
Post: #5
RE: high SSL negotiation time on each request
Hmm. Am I reading the headers incorrectly, then? Both the request and response headers include "Connection: Keep-Alive".
Find all posts by this user
Quote this message in a reply
11-19-2013, 04:55 AM
Post: #6
RE: high SSL negotiation time on each request
The headers do claim to want the connections to be kept open. A tcpdump would show if they are getting closed on the client or server side.

Also, if the SSL cert isn't valid and you're ignoring cert errors it's possible that IE won't keep the connection alive.
Visit this user's website Find all posts by this user
Quote this message in a reply
11-26-2013, 09:03 AM
Post: #7
RE: high SSL negotiation time on each request
There only appears to be a single test in this case (so this may not apply) but...

I have seen tests where a bunch of test agents crawling a site consumed all the available keep-alive connections on the server-side so some tests had keep-alive behaviour, and some didn't! Sad

Andy

Using WebPageTest - http://usingwpt.com/
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)