Current time: 07-18-2018, 01:12 PM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OCSP Issue
06-29-2018, 03:03 AM
Post: #1
OCSP Issue
We have OCSP enabled. Why do we get this reported in our tests? https://monosnap.com/direct/uW9WbWcjPjzV...7v2KfI9iyu

Any help would be very much appreciated.

SEO Workers - Semantic SEO & Internet Marketing Consulting
Find all posts by this user
Quote this message in a reply
06-30-2018, 02:02 AM
Post: #2
RE: OCSP Issue
What you're seeing normally occurs as an artifact from using NGINX + many other proxies/CDNs.

If you look closely, you'll see the OCSP probe has no effect on your site speed.

Not really a problem. You can safely ignore this.

If you must fix this, use straight up Apache, as Apache handles this differently than other proxies I've tested.

http://www.webpagetest.org/result/180629...9d4e5b6f6d shows a simple static site, with straight up Apache, no proxy or CDN or any other tech.

Like help speeding up your site? Skype me @ ID davidfavor for a quote. Be sure to include your site name in your Skype Add Contact request.
Find all posts by this user
Quote this message in a reply
07-09-2018, 11:49 PM
Post: #3
RE: OCSP Issue
I wonder if OCSP stapling isn'y configured correctly somewhere…

SSL Test says it's enabled - https://www.ssllabs.com/ssltest/analyze....ainvac.com - so you shouldn't see the OCSP check in the waterfall.

The status check WILL be having a small speed impact - in the waterfall you linked to it's 89ms or ~16% of TTFB.

If you can get OCSP stapling working correctly then the TLS negotiation time for the root request will reduce as it's part of that step

Andy

Using WebPageTest - http://usingwpt.com/
Visit this user's website Find all posts by this user
Quote this message in a reply
07-10-2018, 02:34 AM
Post: #4
RE: OCSP Issue
I can comment on the OCSP stapling with respect to CDN. (responding back to Andy's comment earlier)

Even when OCSP stapling is enabled, a CDN may not always respond back with the staple. Typically, the work flow occurs as follows:
1. very first user makes a request. CDN responds without the staple.
2. CDN asynchronously makes a request and pulls down the cert verification status
3. for subsequent requests, the staple is included.

Browsers are supposed to work regardless of a CDN. So the optimization is to ensure that the request for staple verification does not break / slow down a website.

Follow me on twitter: @rakshay
Visit this user's website Find all posts by this user
Quote this message in a reply
07-12-2018, 12:18 AM
Post: #5
RE: OCSP Issue
Refer to my comments above.

This appears to be an NGINX artifact which can be ignored.

Fix seems to be... simply removing NGINX, which solve other problems too, like 502 errors.

Like help speeding up your site? Skype me @ ID davidfavor for a quote. Be sure to include your site name in your Skype Add Contact request.
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)