WebPagetest Forums

I use the following WPT environment:

1) WPT server is hosted on a linux machine
2) Community AMI windows server 2008 for test agents(California and Virginia)

I notice a huge gap in the waterfall which is not present in some of the old builds. This is IE specific.This gap doesn't show up in firefox or chrome.

I have attached the screenshots. I updated the wpt test agents(latest version on May14th) and that doesn't help. Is some one aware what could be the root cause?

---

Both the screenshots are from the same URL, same test environment and same browser(IE10). It just got worst.

Can you enable tcpdump capture and grab a tcpdump? Gaps in that area tend to be SSL certificate revocation checks.

Enabling tcpdump and reading the captures helped me to figure out what was going on in that gap. Thanks a tonne Patrick!

Hi Sundeep,

I am wondering if you can share what you found. I am investigating the exact same problem.

Thanks!
-Matt

We got in touch with our CA as the OSCP verification was slow. It consistently took 400-500 ms. We compared the OSCP verification time with other CA's and shared the findings with the vendor.

FWIW, if you want to get rid of the gaps entirely you can look into OCSP stapling (if your SSL termination point supports it): https://www.digitalocean.com/community/t...-and-nginx

Thanks, Patrick!

We do have OSCP stapling enabled on our CDN (or rather AWS CloudFront claims to have OSCP stapling enabled - http://aws.amazon.com/blogs/aws/cloudfro...csp-pfs/).

However, we still see enormous, 2+ second gaps in the waterfall for CDN requests. For example, take a look here: http://www.webpagetest.org/result/140929.../details/. cdn[0/1/2/3].apartmentlist.com is powered by AWS CloudFront.

SSL Labs is showing OCSP Stapling: https://www.ssllabs.com/ssltest/analyze.....192.34.16

On the physical thinkpads it looks like the gaps are smaller but still way longer than I'd expect: http://www.webpagetest.org/result/140929...1/details/ (the gaps don't look big enough to be validation checks but the SSL time is still really long)

The results from a Thinkpad look way more reasonable.

The gap for the http://www.apartmentlist.com is about 10x smaller than in the test I linked about, and is about 200ms. I would expect that to be normal OCSP delay, since http://www.apartmentlist.com does not support OSCP stapling (due to Heroku not supporting it at the moment). The gaps for cdnX.apartmentlist.com are even shorter (presumably because CloudFront supports OSCP stapling).

However, what I see from Denver location looks terrible. We have RUM (Real User Monitoring) enabled via NewRelic on our app, and we see that there is a large number of users that are experiencing similar performance performance in real life (20+ second page loads).

At first I thought there is something wrong with out certificate (we had one from RapidSSL), but I replaced it with the one from Comodo (total shot in the dark!) and absolutely nothing has changed in the waterfall and these gaps.

Any idea what I can do to get to the bottom of it?

FYI: OSCP stapling is supported on *.cloudfront.net domain but not on custom domains in AWS. One of our sys engineers reported this to AWS.