Current time: 10-23-2018, 07:23 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
SSL handshake repeats during Web Page Test
06-07-2018, 02:56 AM
Post: #1
SSL handshake repeats during Web Page Test
Please refer to my WPT result
https://wpt1.speedcurve.com/details.php?...0f7f&run=1

What is the expected behavior?
The domain venom-assets.edmunds-media.com is part of the TLS certificate for http://www.edmunds.com and any calls to it should be trusted after the initial handshake. i.e should happen only once at the beginning.

What went wrong?
around step #15, SSL handshake happens again for domain venom-assets.edmunds-media.com.
The request is for font data
https://venom-assets.edmunds-media.com/e...bcd9.woff2

Chrome version: 67.0.3396.62 Channel: stable
OS Version: Linux

For webpagetest, issue occurs on Android too.
Find all posts by this user
Quote this message in a reply
06-07-2018, 07:14 AM
Post: #2
RE: SSL handshake repeats during Web Page Test
Welcome to "credentialed connection" hell. Fonts are considered non-credentialed and are requested on an "anonymous" connection. From Chrome and Firefox's perspective that means using a completely separate connection where cookies are never sent.

You can see some of the discussion around it here: https://github.com/w3c/resource-hints/issues/32

There is active discussion around getting rid of the second-connection requirement but it's still the case right now.

I THINK (needs verifying) that if the fonts are from the same origin as the page then it may re-use the same connection but once it crosses origins it bumps into the CORS anonymous requirement.
Visit this user's website Find all posts by this user
Quote this message in a reply
06-08-2018, 07:55 AM
Post: #3
RE: SSL handshake repeats during Web Page Test
(06-07-2018 07:14 AM)pmeenan Wrote:  Welcome to "credentialed connection" hell. Fonts are considered non-credentialed and are requested on an "anonymous" connection. From Chrome and Firefox's perspective that means using a completely separate connection where cookies are never sent.

You can see some of the discussion around it here: https://github.com/w3c/resource-hints/issues/32

There is active discussion around getting rid of the second-connection requirement but it's still the case right now.

I THINK (needs verifying) that if the fonts are from the same origin as the page then it may re-use the same connection but once it crosses origins it bumps into the CORS anonymous requirement.

Thanks Patrick. I also opened a ticket with Chrome dev. Adding it here for details from their side.

https://bugs.chromium.org/p/chromium/iss...?id=850143
Find all posts by this user
Quote this message in a reply
06-11-2018, 02:09 AM
Post: #4
RE: SSL handshake repeats during Web Page Test
A very peculiar waterfall.

Just looking at the top of the waterfall...

#1 + #2 - external OSCP sites get hit.

#3 + #4 - show some assets being hit prior to the HTML component (#5) completing.

All the other SSL handshake (as Patrick mentioned) get hit when any offsite reference occurs.

I'd start by removing NGINX from the mix + get your Apache + HTTP2 working correctly, as HTTP2 is off for this site.

Also, check your SSL setup at the Apache level.

Once all's well, then try running NGINX on another port + get it's config working before inserting it again.

Maybe this waterfall signature is an artifact of recent NGINX versions.

Looks like you're running NGNIX-1.8.1 + other recent WPT pages show a similar waterfall... like...

https://www.webpagetest.org/result/18052...1c7637085/

Which is also running NGINX with no version number exposed.

Notice with this other WPT report...

#1 + #2 - external OSCP sites get hit, same as your waterfall.

Contrast this to a random WordPress site running straight Apache with a highly optimized HTTP2 TLS stack + optimized assets...

Very different waterfall.

Just looks... a bit odd...

Like help speeding up your site? Skype me @ ID davidfavor for a quote. Be sure to include your site name in your Skype Add Contact request.
Find all posts by this user
Quote this message in a reply
06-11-2018, 05:40 AM
Post: #5
RE: SSL handshake repeats during Web Page Test
The OCSP requests are cert revocation checks because of EV certificates. The only way to eliminate both of them is to use DV certs instead of EV certs. You can get rid of one of them by enabling OCSP stapling on the server.
Visit this user's website Find all posts by this user
Quote this message in a reply
06-12-2018, 02:40 AM
Post: #6
RE: SSL handshake repeats during Web Page Test
(06-11-2018 02:09 AM)dfavor Wrote:  A very peculiar waterfall.

Just looking at the top of the waterfall...

#1 + #2 - external OSCP sites get hit.

#3 + #4 - show some assets being hit prior to the HTML component (#5) completing.

All the other SSL handshake (as Patrick mentioned) get hit when any offsite reference occurs.

I'd start by removing NGINX from the mix + get your Apache + HTTP2 working correctly, as HTTP2 is off for this site.

Also, check your SSL setup at the Apache level.

Once all's well, then try running NGINX on another port + get it's config working before inserting it again.

Maybe this waterfall signature is an artifact of recent NGINX versions.

Looks like you're running NGNIX-1.8.1 + other recent WPT pages show a similar waterfall... like...

https://www.webpagetest.org/result/18052...1c7637085/

Which is also running NGINX with no version number exposed.

Notice with this other WPT report...

#1 + #2 - external OSCP sites get hit, same as your waterfall.

Contrast this to a random WordPress site running straight Apache with a highly optimized HTTP2 TLS stack + optimized assets...

Very different waterfall.

Just looks... a bit odd...

Hi dfavor
#3 is actually our main content download.
Also we are set up for HTTP/2. You can confirm this by entering the site at https://tools.keycdn.com/http2-test
Getting off NGINX is not a decision we can take lightly. Do you have some more info/references on why Apache+http/2 is better than nginx+http/2?
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)