Sysadmin Any way to reduce/accelerate TLS handshake time?

It's a function of physical distance between servers (round trip times) and how fast both source and destination servers are for processing TLS handshakes. As well as how TLS/SSL is configured on both source and destination servers etc.

So partially dependent on those online test servers themselves too. Which testing tool is that from ?

Tried Web Performance Test - 14+ Global Test Locations ?

Also try webpagetest.org

 

Also try HTTP Header Check with an online CURL tool with the time checkbox checked

 

More info Networking 101: Transport Layer Security (TLS) - High PerformanceBrowser Networking (O'Reilly)

 

centmin mod HSTS is supported if you setup HTTPS sites via centmin mod menu option 2, 22, /usr/bin/nv or in 123.09beta01 addons/acmetool.sh but you need to enable it manually understanding what it can do and it's negatives outlined under Enabling HSTS for SSL section at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS otherwise you DDOS hit your own web site if you enable HSTS but later disable HSTS or HTTPS.

persistent connections and keepalive is enabled

TLS resumption enabled via nginx tickets Module ngx_http_ssl_module but it's recommended to turn them off but they're enabled by default

TLS false start have both client/web browser and server side so browser needs to support HTTPS via NPN or ALPN protocol and server side needs to support Forward Secrey. Which means online testing tools may not support it on their end - which comes back to configuration of testing servers for HTTPS/SSL

Some of these can be tested via dev.ssllab.com tests. FS tag at end = Forward Secrecy





More on Forward Secrecy SSL Labs: Deploying Forward Secrecy – Network Security Blog | Qualys, Inc. which comes back to what ssl ciphers are setup on nginx server end. Centmin Mod nginx vhost HTTPS/SSL generated vhosts are configured properly for this. And if you manually add HTTPS vhosts via Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS

ocsp you need to enable for SSL HTTPS sites you set up manually as outlined under Enabling OCSP stapling for SSL at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS or auto enabled with 123.09beta01 addons/acmetool.sh live obtained letsencrypt ssl certificates (not for staging test ssl certs or self-signed certs which do not support ocsp stapling)

 

yes it will something to look forward to. FYI, if you're behind Cloudflare's HTTPS/SSL, they already have implemented TLS 1.3 if the web client end supports it

 

you're welcome

sweet nice tool will see how it compares to results at Web Performance Test - 14+ Global Test Locations

 

Playing with updown.io