Before the HTTPS, I got a really good score, A graded, from the www.webpagetest.org except the make use of CDN but after that, I decide to up my game by getting the ssl certificate for my website and do I know that it ruin the speed of my website. The First Byte Time used to be A and now, it gone to F. I’ve try adding fast_cgi and other thing to my nginx block but still the result is F and every time I open my website, it’s just darn slow. I know my website has a lot of image that need to take care of but before the HTTPS, it’s not a problem. I’ve disable cache and everything and the website load in like a second. What can I do to get back my speed?
Between the first SYN package, on the HTTP and HTTPS port, and the SYN/ACK reply by your server is 330 milliseconds. That’s one third of a second.
When using HTTP on port 80, the handshake is complete very quickly after the first SYN -> SYN/ACK responses. But when using TLS on port 443, there’s a lot more handshaking to be done.
After the initial 330 ms between the SYN from the client and the SYN/ACK from your server, the client sends a Client Hello TLS message. It takes your server another 340 milliseconds before it responds to the clients Client Hello.
Afterwards, it sends some TLS data quite quickly, but when the client begins the EC Diffie-Hellman negotiation, there’s another lag from your server, another 340 ms.
Together, your server takes 330 + 340 + 340 = 1010 seconds to respond with certain TLS responses… Which is rather long.
The CPU is Intel® Xeon® CPU E5-2630L v2 @ 2.40GHz (check from command line) and I had only 1 CPU because my package is 1 CPU, 1 GB ram, 20 GB ssd with 2 TB transfer.
I would like to know what can reduce the handshake time. Does it require good configuration or number of core of my CPU is not good enough? My current plan is 10$/mo and the 20$/mo give 2 CPU. Does the CPU of server impact the speed also?
I’m not sure how to speed up the handshake with just software configuration. Also, I’m not sure if such a slow handshake is solely the fault of the CPU… Perhaps it’s the platform in general, including memory and OS (kernel) or something.
Does it actually matter if your site gets a “F” for the initial timing? It’s just a letter. If your site loads reasonably fast “in total” and it doesn’t scare visitors away, why should such a letter really matter?
Since the day I gone HTTPS, a lot of images fail to load and fail in http request will slow down the website. It’s slow in the general. The site is not caching after the let’s encrypt for some reason. You can visit my site multiple time and see that it slow every time.
One more thing, Do you try to say that when every website gone HTTPS, there will be additional lag cause by the handshake? Is it happen to every website? I need to reduce the http request on my website and see.
Yes, there is almost no handshaking involved with HTTP. That's just low-level TCP handshaking (SYN, SYN/ACK, ACK). With TLS (HTTPS), there's a lot more handshaking involved, with a lot more delay. How much delay depends on multiple factors, such as server speed, used TLS ciphers (although almost no one uses DHE without elliptic curves any more) et cetera. HTTP/2 might speed up site loading in general, but the initial handshake remains.
