WebPageTest

tradiechoice · 11-14-2013, 01:59 AM

My test shows, high ssl negotiation for ie8
http://www.webpagetest.org/result/131113...1/details/

Is there anything I can do on the server to fix this.

robzilla · 11-15-2013, 12:27 AM

Seems to be less of a problem at other test locations:
http://www.webpagetest.org/result/131114...1/details/
http://www.webpagetest.org/result/131114...1/details/

Your version of OpenSSL is quite old: 0.9.8 was released in 2005. Consider upgrading to RHEL6 (many advantages to that beside OpenSSL), which comes with 1.0.0 (released in 2009). You'll also benefit from Perfect forward secrecy, introduced with v1.

andydavies · 11-17-2013, 08:50 AM

(11-14-2013 01:59 AM)tradiechoice Wrote: My test shows, high ssl negotiation for ie8
http://www.webpagetest.org/result/131113...1/details/

Is there anything I can do on the server to fix this.

Turn on TCP keep-alive, serve the site and intermediate certificates together, enable SSL session resumption

***pmeenan*** · 11-19-2013, 01:03 AM

Yikes - yeah, keep-alives. Not having keep-alives sucks for non-SSL sites but it's insane for SSL sites.

And pretty much everything else Andy mentioned - but keep-alives first.

robzilla · 11-19-2013, 04:29 AM

Hmm. Am I reading the headers incorrectly, then? Both the request and response headers include "Connection: Keep-Alive".

***pmeenan*** · 11-19-2013, 04:55 AM

The headers do claim to want the connections to be kept open. A tcpdump would show if they are getting closed on the client or server side.

Also, if the SSL cert isn't valid and you're ignoring cert errors it's possible that IE won't keep the connection alive.

andydavies · 11-26-2013, 09:03 AM

There only appears to be a single test in this case (so this may not apply) but...

I have seen tests where a bunch of test agents crawling a site consumed all the available keep-alive connections on the server-side so some tests had keep-alive behaviour, and some didn't! Sad