Sunday, July 24, 2011

Really Slow SSL


Tonight, I try to take a closer look at the long delay in SSL connection establishment that I noticed last night. The delay is somewhat to be expected because I am testing with a 50ms delay in each direction, for a round trip time (RTT) of 100ms. I am still perplexed because SSL negotiation is taking a very long time (700-800ms). Also, this delay seems to be relatively recent. In previous runs, I saw less than 300ms.

To the Wiresharks!

My VM is restarted so there are no existing connections to the server. I also clear my browser cache (all time), which clears out the certificate as well. When I access the site, I see:



So far, so good. Nice, normal TCP connection establishment. SSL negotiation is off to a good start. It has taken 200ms so far, but if the key exchange / SSL handshake comes through quickly, things might get done within 400ms.

Unfortunately, what happens next is:



And this I do not understand at all. The TCP/IP connection that was being used for SSL negotiation is closed, a new stream is established and SSL negotiation starts all over!



By the time the first bits of SSL data hit the wire, more than 600ms have elapsed. No wonder I am seeing such a big delay. But why?
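As an added example (not code or capture data from the original post), here is one way to spot this pattern in a capture summary automatically: group packets by TCP stream, flag any stream that was closed after a ClientHello but before application data, and report how much time was lost before the successful stream was opened. The `ms stream event` record format, the event names and all timings are constructed for illustration.

```javascript
// Constructed capture summary, one record per line: "<ms> <tcp stream> <event>".
// Timings are illustrative for a 100ms RTT; they are not the post's capture.
const SAMPLE = `
0   0 SYN
100 0 SYN-ACK
100 0 ClientHello
200 0 ServerHello
205 0 FIN
300 1 SYN
400 1 SYN-ACK
400 1 ClientHello
500 1 ServerHello
505 1 ClientKeyExchange
605 1 Finished
610 1 ApplicationData
`;

function parse(text) {
  return text.trim().split('\n').map((line) => {
    const [ms, stream, event] = line.trim().split(/\s+/);
    return { ms: Number(ms), stream: Number(stream), event };
  });
}

// Group events per TCP stream and flag handshakes that were closed before
// any application data was exchanged (the restart described above).
function summarize(events) {
  const streams = new Map();
  for (const { ms, stream, event } of events) {
    if (!streams.has(stream)) {
      streams.set(stream, { stream, start: ms, hello: null, closed: null, appData: null });
    }
    const s = streams.get(stream);
    if (event === 'ClientHello' && s.hello === null) s.hello = ms;
    if ((event === 'FIN' || event === 'RST') && s.closed === null) s.closed = ms;
    if (event === 'ApplicationData' && s.appData === null) s.appData = ms;
  }
  const all = [...streams.values()];
  const aborted = all.filter((s) => s.hello !== null && s.closed !== null && s.appData === null);
  const served = all.filter((s) => s.appData !== null).sort((a, b) => a.appData - b.appData)[0];
  const t0 = Math.min(...all.map((s) => s.start));
  return {
    aborted: aborted.map((s) => s.stream),
    firstAppDataMs: served ? served.appData - t0 : null,
    // Time lost before the stream that finally carried data was even opened.
    restartCostMs: served ? served.start - t0 : null,
  };
}

console.log(summarize(parse(SAMPLE)));
```

A non-empty `aborted` list together with a large `restartCostMs` separates a restarted handshake from a handshake that is merely slow on a single connection.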

My VMs no longer have Apache SSL installed on them. I will have to get that back tomorrow, but first I check out a normal SSL conversation—with github. Loading up my dashboard (after again clearing the cache) looks like:



Whoa. That's just weird. The browser is starting up three interweb tubes. It is as if Chrome knows that github is going to need three interweb tubes and opens them immediately after I request the page. That seems crazy because the SSL connection needs to be negotiated on all three tubes right away. Happily, it does conclude just fine, without any connection resets:



So the extremely slow SSL seems specific to my internal VM. Tomorrow, I will install SSL on an Apache VM to see if I can determine if this is specific to my node.js server or if it is a VM + network issue.

For now, I really need to finish off SPDY Book!

Day #83
