I’ve had a setup for quite some time now where I have configured an LE wildcard certificate in a custom Java application. So far, so good. That worked great for about the past six months until about yesterday or two days ago (can't pinpoint it precisely I am afraid), when the establishing of the TLS connection suddenly started to take “ages”, about 15 seconds. This appears to affect exclusively browsers (Firefox and Chrome) and there was no apparent change or upgrade to either configuration (neither browsers nor server side nor the certificate). From my perspective it started out of the blue.
One thing I noticed during my debug attempts so far is that I hadn't configured the intermediate certificate but only sent the actual site certificate. Adding the former one hasn't changed anything however.
Assuming, for the time being, that it is not a local issue, my immediate thought would have been that there might be some problem with the live revocation check, however that does not seem to be the case.
As I said, I am a bit at a loss right now. Would anybody have a possible explanation why that might suddenly start without any apparent local changes?
I was merely wondering what could be a possible reason for that behaviour. Typically my first guess would have been a delayed certificate revocation check, but that does not seem to be the case here. Could there be anything else?
Possibly the software at your end is doing some kind of lookup in connection with each incoming connection before allowing the connection to complete (for example, a reverse DNS lookup).
I am actually a bit embarrassed and disappointed I haven't thought of that earlier, as I had a similar issue years ago but in this case I completely ignored that possibility. It seems to be the exact issue as the one at https://coderanch.com/t/656284/java/HttpsServer-SSL-extremely-slow-times
Now I just need to find out how to convince Java to refrain from the lookup.
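One way to check for the delay discussed in this thread, as an added example that is not code from any of the posters: the Java program below times a reverse DNS lookup for a client address and contrasts `getHostName()`, which performs the lookup, with `getHostString()` and `getHostAddress()`, which do not. The class name, the default address 192.0.2.10, the port and the 1000 ms threshold are assumptions made for the example.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.function.Supplier;

public class ReverseLookupTiming {
    // Assumed threshold: anything slower than this is worth investigating.
    static final long SLOW_MS = 1000;

    // Run one call and report how long it took.
    static void timed(String label, Supplier<String> call) {
        long start = System.nanoTime();
        String result = call.get();
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.printf("%-32s %6d ms -> %s%s%n", label, ms, result,
                ms >= SLOW_MS ? "   [SLOW]" : "");
    }

    // Parsing an IP literal only validates its format; no DNS query is sent.
    // A fresh object per measurement matters because an InetAddress instance
    // remembers its host name once getHostName() has resolved it.
    static InetSocketAddress fresh(String ipLiteral) {
        try {
            return new InetSocketAddress(InetAddress.getByName(ipLiteral), 443);
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("cannot parse address: " + ipLiteral, e);
        }
    }

    public static void main(String[] args) {
        // Constructed default (TEST-NET-1); pass a real client IP as argument.
        String ip = args.length > 0 ? args[0] : "192.0.2.10";

        // No lookup: returns the literal the address was created from.
        timed("getHostString()", () -> fresh(ip).getHostString());
        // No lookup: textual form of the raw address.
        timed("getAddress().getHostAddress()",
                () -> fresh(ip).getAddress().getHostAddress());
        // Reverse (PTR) lookup: blocks until the resolver answers or times out.
        timed("getHostName()", () -> fresh(ip).getHostName());
        // Repeated on a new object to see whether the delay is consistent.
        timed("getHostName() again", () -> fresh(ip).getHostName());
    }
}
```

Run it on the server host with the IP of an affected client; a multi-second `getHostName()` line points at the resolver configuration or missing PTR records rather than at the certificate.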