Can SSL/TLS encryption mode Full (strict) lead to performance issues?

At the moment I run my website without Proxy. When I turn proxy on the TTFB is 1.5 minutes.
Chrome Developer Tools waterfall shows it happens on the first line, loading domain.xyz.
Will it help when I turn encryption mode to flexible?

That one is really strange.

What is your domain name?

Maybe your host/origin is offering HTTP/2 with ipv6only=on, but something is misconfigured and takes so long?

Can you check if you have an SSL certificate installed at your host/origin for your domain?
Moreover, do you serve visitors over HTTPS (443 port) or some other if enabled and available to you?

Does something appear in your access or error log files?
Do you have some backend issues with your web application at your host/origin server (like MySQL queries not being optimized, no cache, large resource files, etc.)?

That mode is really not recommended - see below why, thus it would mean Cloudflare would connect to your origin via HTTP connection (80), and not HTTPS (443).
I do not see any help using Flexible SSL.

The URL is https://www.itpedia.nl

The SSL certificate was expired a month ago and the host had to install a new certificate (Comodo).
Hosting used to have error logging but that isn’t supported any more. Where should I look for in the access logging?
Besides WordPress I also have my own MySQL queries, but they ran well for more than 8 years.

While replacing the SSL certificate I was asked to return the nameservers to the host. After that I mistyped one of the Cloudflare nameservers. Is there a way to check if that is okay?

When I tested it recently, the TTFB is really fast for me at my end.

You can perform a TTFB test using the tool below:

That could also be the reason why it took so long.

You do not need to do it.
If needed, just make sure your A and/or CNAME records are grey cloud at the moment of renewing your SSL certificate at your host/origin.
When finished/renewed, just turn back to orange cloud.

Yes, here:

Yes, I understand that the TTFB is fast now, because I turned the proxy off. It only happens when the proxy is on.

To make it even stranger, it often happens on the weekends. Maybe it is connected to some kind of update. I already added “Crawl-delay: 5” to robots.txt, to rule Google crawl out.


Could the unexpected failure mean anything?

Do you have any AAAA records at Cloudflare DNS dashboard?
Maybe Cloudflare wants to connect to IPv6 instead of IPv4 at your origin via HTTPS (443).

Moreover, if the “slow thing” happens when you have orange clouds, and now when the SSL is valid and generated, which SSL option do you have selected?
Can you switch to Full SSL? (different than Full SSL (Strict))

Yes, I have AAAA records in my DNS. That would explain why the site isn’t always slow.
Should I delete them?
Yes, that is another thing, before the new certificate I used the Flexible option. But then I saw Full SSL Strict was better.
Should I switch to Full SSL?
(I feel we are getting somewhere)

I ran SSL labs on the www versions and that is okay.
A second run on the version without www (after clearing the cache), resulted in the Unexpected failure again.
