Hi,
Since I have a SSL configuration which works on my server, everything is too long, and even the cloud (nextcloud) is almost not accessible ( Gateway Timeout error ).
So, here I would like resume what have toi be done to optimize the time response of the whole SSL than we can configure within our servers.
Thanks for your help.
For now I had changed 2 parameters :
Unless you have a massively underpowered computer, the mere fact of using SSL isn't likely to cause such a dramatic performance problem. Even SSL handshakes are pretty cheap these days. It sounds like there might be something else going on, possibly triggered by having added SSL.
Posting your webserver configuration files is a good place to start.
Thanks for your help.
Here you are : http://www.dennet.dennet.eu/server-info
Compare for example this link (above) with the time needed to access to https://dokuden.dennet.eu/doku.php
For this vhost http://www.dennet.dennet.eu/server-info there no ssl config at all
For https://dokuden.dennet.eu/doku.php you can see that even accessing in http://dokuden.dennet.eu/doku.php is taking a while. Before ssl was set up everything was as quick as opening this http://www.dennet.dennet.eu
So as you said, if it's not directly SSL, it is somthing triggered by it. How to identify what ?
I think because the issue appears to only be affecting doku.php, it's beyond the scope of what we can help you on this forum. Application issue.
Other pages seem pretty snappy, even when accessed over HTTPS:
# time curl -I https://dokuden.dennet.eu/server-info
HTTP/1.1 200 OK
Date: Sun, 05 Mar 2023 20:42:26 GMT
Server: Apache/2.4.55 (Fedora Linux) OpenSSL/3.0.8 mod_perl/2.0.12 Perl/v5.36.0
Content-Type: text/html; charset=ISO-8859-1
real 0m0.272s
user 0m0.008s
sys 0m0.012s
Profiling where doku.php is spending its time with something like xdebug might point you in the right direction.
No, sorry, my ENglish might not be clear sometimes...
I wanted to say that when there is no configuration of ssl for a vhost, it works quickly ; but if a vhost is configured as well for ssl mode, then, even if I do not redirect the queries (with rewrite directive into httpd) to https, it is very long like foir ssl mode. In other words, the fact that doku is slow with doesn't means other vhost are fast. The problem is also for other vhost.
This is strange : without redirecting to ssl, the fact that ssl is configured for the same vhost should not interfere if you access it via simple http.
I did the same but for the basic page of the doku
time curl -I https://dokuden.dennet.eu/
HTTP/1.1 302 Found
Date: Tue, 07 Mar 2023 07:51:47 GMT
Server: Apache/2.4.55 (Fedora Linux) OpenSSL/3.0.8 mod_perl/2.0.12 Perl/v5.36.0
X-Powered-By: PHP/8.1.16
real 0m11,859s
user 0m0,013s
sys 0m0,004s
The /server-info is not responding to dokuden. So this is just the proof of what I tried to say : normally my server is fast, since https is implemented in, the sites referring to ssl became far too long. You can make a trial with the cloud at nuage.dennet.eu
How do you know that ?...
So to my opinion, their might be something to improve into the applications as you suggest (doku, cloud, drupal), in apache itself, but also in the ssl parameters, because everything is fast without ssl.
My purpose for openning this thread is to have a kind of resume of what to do to optimise ssl (cause frankly speaking, for some one like me, reading OpenSSL Cookbook 3rd Edition - 1.1.3 Examine Available Commands or that /docs/manmaster/man3/SSL_verify_client_post_handshake.html will require I take holidays 
).
So far, you have only demonstrated that your server generates a slow response when the response is generated by PHP. That is including your homepage:
Any response which is generated purely by Apache (not invoking PHP) is fast.
I'm completely certain that whatever PHP code you have running is causing the slowdown. This may be a side effect of having HTTPS set up on your website, but it is fundamentally an issue in the PHP application, not in the the workings of Apache or SSL. The mere presence of HTTPS in your Apache configuration doesn't suddenly make PHP slow.
That is why I suggest xdebug.
All right thanks.
But, anyway, beside my problems, could you give us, regarding strictly ssl, what are the parameters which can be be adjusted to make sure that a site is optimised from ssl point of view (if the response is not too complicated of course).
Thanks.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.