Current time: 12-08-2019, 05:25 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
KeepAlive over HTTPS fails
01-16-2017, 10:48 PM (This post was last modified: 01-17-2017 12:26 AM by graphicsxp.)
Post: #1
KeepAlive over HTTPS fails
Could someone explain why KeepAlive fails for all requests to ocsp.comodoca.com ? Actually I'm not sure what these requests are about, a part from the fact it has to do with my SSL certificate provider.

Sometimes if I re-run the test, KeepAlive works.

Here's the test result :

https://www.webpagetest.org/result/17011...imization/

I believe this is the reason for my GRADE F for TTFB. If I don't use HTTPS, I never have this problem.

[EDIT]

After contacting Comodo support team, here's their reply. Is WebPageTest really an unreliable site to test site latency ?

Hello,

Thank you for your email, unfortunately you are using an unreliable site to test your latency on your site. We do not assist with performance issues on your site. We have tested your site using a more reliable provider which shows your site to be A+.

https://www.ssllabs.com/ssltest/analyze....-story.com

If you need assist with optimizing your performance of your site you will have to speak with a server administrator or your hosting company. As an ssl certificate will not slow down your site.
Find all posts by this user
Quote this message in a reply
01-17-2017, 01:25 AM
Post: #2
RE: KeepAlive over HTTPS fails
KeepAlive will only fail if more than one request was made to the target domain during the page load. It is probably intermittent because sometimes a 3rd-party ad or something like that also needs validation and sometimes it doesn't.

And yes, the OCSP verification check will absolutely cause TTFB to fail. The best you can do to avoid the validation check is to staple the OCSP checks as part of your server config so the validation will come down with the certificate. This is probably way more information than you ever wanted on TLS performance but it is a good read (the whole book actually): https://hpbn.co/transport-layer-security-tls/

Some versions of IE on some OS's will not use stapling though so you won't be able to eliminate it entirely.

As far as SSL Labs goes, that doesn't have anything to do with performance, just the security of your certificate configuration. There IS an entry in the report that tells you if OCSP Stapling is enabled (no in this case) but it isn't part of the grade.
Visit this user's website Find all posts by this user
Quote this message in a reply
01-17-2017, 01:39 AM
Post: #3
RE: KeepAlive over HTTPS fails
wow! very interesting stuff here. I didn't know about OCSP Stapling. Will definitely look into that.

Yes, I know that SSLLabs does not check anything about performance, that's what I replied to comodo support.

thanks !
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)