WebPagetest Forums

Full Version: OCSP Issue
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
We have OCSP enabled. Why do we get this reported in our tests? https://monosnap.com/direct/uW9WbWcjPjzV...7v2KfI9iyu

Any help would be very much appreciated.
What you're seeing normally occurs as an artifact from using NGINX + many other proxies/CDNs.

If you look closely, you'll see the OCSP probe has no effect on your site speed.

Not really a problem. You can safely ignore this.

If you must fix this, use straight up Apache, as Apache handles this differently than other proxies I've tested.

http://www.webpagetest.org/result/180629...9d4e5b6f6d shows a simple static site, with straight up Apache, no proxy or CDN or any other tech.
I wonder if OCSP stapling isn'y configured correctly somewhere…

SSL Test says it's enabled - https://www.ssllabs.com/ssltest/analyze....ainvac.com - so you shouldn't see the OCSP check in the waterfall.

The status check WILL be having a small speed impact - in the waterfall you linked to it's 89ms or ~16% of TTFB.

If you can get OCSP stapling working correctly then the TLS negotiation time for the root request will reduce as it's part of that step
I can comment on the OCSP stapling with respect to CDN. (responding back to Andy's comment earlier)

Even when OCSP stapling is enabled, a CDN may not always respond back with the staple. Typically, the work flow occurs as follows:
1. very first user makes a request. CDN responds without the staple.
2. CDN asynchronously makes a request and pulls down the cert verification status
3. for subsequent requests, the staple is included.

Browsers are supposed to work regardless of a CDN. So the optimization is to ensure that the request for staple verification does not break / slow down a website.
Refer to my comments above.

This appears to be an NGINX artifact which can be ignored.

Fix seems to be... simply removing NGINX, which solve other problems too, like 502 errors.
Reference URL's