Significantly different handshake time

kaavain · January 4, 2019, 6:54am

Having two sites at different hosting providers but almost the same servers got significantly different SSL handshake times. The difference is huge and stable from day to day, independently of daytime - 30 and 250 ms.

The first is https://www.trafaret.net/
http://ping-admin.ru/free_test/result/1546583097088w7nkujv156ru514133.html - ping results, 30 ms
SSD VPS server 2 cores, 1 gb RAM, apache 2.2.15 + NGINX, HTTP2 on, PHP 5.3.3, location Russia

The second is https://www.stencil-library.ru/
http://ping-admin.ru/free_test/result/1546583136y76e38hx10ng5oz4edgcq6.html - ping results
SSD VPS server 6 cores, 16 gb ram, apache 2.4 + NGINX, HTTP2 on, PHP 7.0, location Germany

All pings were from Russia.

I’m understand that SSL is cached but the first page view is delayed by 250 ms and tis is not good.

What could be a reason?

_az · January 4, 2019, 7:16am

You’d be best off benchmarking the handshake speed using the loopback interface on each machine.

From there you will know whether the delay is introduced for reasons of networking, or it is actually something in the software stack.

At the moment, there is no way of telling apart the signal and the noise.

stevenzhu · January 4, 2019, 7:19am

Well. It might be different networks (the ISPs that transit the requests...)
Also, You have a really OUTDATED php, Nginx... Not sure about other services. But those outdated services would affect loading (such as h1 / h2 and efficiency)

To better compare the server differences, you should use two machines on the same network/location with exact specifications. (and host exactly the same website with the same configurations)

But all we could do is guess, you'll need to resolve all things by yourself.

_az · January 4, 2019, 7:25am

I also noticed that the ciphersuite configuration is not quite the same, as my OpenSSL s_client negotiates a slightly different cipher to each server.

So if you wanted somewhere really easy to start, eliminating that difference would help.

kaavain · January 4, 2019, 7:56am

I’ve made one additional case and found that the difference depends of the server location.

If to ping Russian server from Russia - the SSL handshake takes 60 ms, but the same server if to ping from Europe - 250 ms. I’m not clever in HTTPS technique, but if CLIENT machine receiving the certificate - this mean RU-RU ping should be longer, if SERVER receives the certificate it should be no difference.

So I’m a little bit confusing.

By the way, it the delay is due to outdated PHP/Apache, this might bring the FIRST machine to be slower while it is not.

rg305 · January 4, 2019, 8:00am

This is confusing to me: (PING & SSL handshake)
PING uses ICMP and does NOT involve TLS (SSL handshaking).

kaavain · January 4, 2019, 8:03am

I’m not accurate in definitions. Of course not “ping” but complex server response:

http://ping-admin.ru/free_test/result/15465883205i84c57lg3g093w634ohu.html

rg305 · January 4, 2019, 8:04am

OK.
I do see the site provides much more than just PING.

system · February 3, 2019, 8:04am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.