On 27/05/2015 6:00 AM, "Guitar Man" <molreco...@gmail.com> wrote: > > Hello Eric, how are you? > > Well, I am working with a COMODO certificate and making tests using the WebPageTest.org. There, my website SSL Negotiation is more than 300ms, however, another sites is working with 30-50ms. I think this difference between values is makeing the Robots index my project slowly (Could be?) > > I really do not know how to improve the SSL Negotiation. I am using Apache 2.4 + Cpanel + 8GB RAM + OpCache, and this negotiation still high. > > Do you have some suggestion to me in this searching for a solution? >
Make sure you use tls1.2 with ECDHE as your primary cipher as it is faster. Also using ocsp stapling in apache will speedup the establishing of the ssl connections. New systems might lack entropy at the beginning but yours is running for a year you said? Also depends on which device is being used /dev/random vs /dev/urandom but that should be correctly set by apache. Anyway, paste you relevant part of the ssl settings here including the mutex, cache etc. and someone might come up with a suggestion that can help. > My main website is: https://www.musiconline.com.br (I am turning the OpCache ON soon). > OpCache will speedup serving the php pages not the ssl. > Thanks a lot again. :) Good year! > > 2015-05-26 16:53 GMT-03:00 Eric Covener <cove...@gmail.com>: > >> >> >> On Mon, May 25, 2015 at 4:36 PM Guitar Man <molreco...@gmail.com> wrote: >>> >>> Hello Developers! >>> >>> Someone knows if Apache Foundation is working to include the SPDY in the new Apache version for HTTP/2? >> >> >> There isn't any work on SPDY or mod_spdy. There is some third-party development of a HTTP/2 module: >> >> https://github.com/icing/mod_h2 >> >>> >>> The Apache WebServer is the most used application and everyone needs a solution about this issue. >>> >>> >>> I am paying CPANEL with Apache, and all my website that are using SSL/HTTPS, the SSL Negotiation is very slow. >> >> >> You're hoping to solve this by opening fewer connections, but wouldn't your n-1 subsequent connections use an abbreviated handshake anyway? Is it really that slow? Maybe you're missing an SSL session cache or have some other extenuating factor? > > > > > -- > > Att, > Andre Luis de Andrade > Music Online Records @ since 1998 > E-mail: an...@ate.com.br > Project: http://www.molrecords.com > World: http://www.molbr.com > Brazil: http://www.musiconline.com.br > Company: http://www.ate.com.br > Curitiba, ParanĂ¡, Brazil > * Help to heal the world before its too late!
