Poor DNS/SSL performance

When hitting from a new location, DNS + TLS negotiation is about 500ms; any subsequent request is only 30-40ms. Any ideas?

That is usually the server’s fault (in addition to the fact that the HTML isn’t cached by default on Cloudflare) that takes a bit to reply or is physically distant from Cloudflare’s edge node.

Hello, thanks for the reply.
I tried hard coding the HTML in a cloud worker but it did not improve the TTFB, so the issue isn’t the origin server.

The other alternative, considering that Workers are extremely quick to respond, is that you are simply far away from the edge node or the latency of your connection is bad. 190ms lookup means a high latency on your part to the node.

What connection speed profile and location are you running webpagetest from?

Check which geographic CF datacenter the webpagetest was hitting and its relative geographic distance to the webpagetest location, as ultimately distance matters, but the SSL handshake/connection is between 2 servers so either end or both could be factors. You can verify by testing different webpagetest geographic locations, browser client profiles and speed profiles as well.

Example webpagetest test on 5mbps cable Chrome client for a WordPress blog in San Jose, US West Coast, using Cloudflare free plan with CF Worker HTML cache.

test against

  • webpagetest Dulles, VA US East coast
  • webpagetest California EC2, US West coast

webpagetest Dulles, VA US East coast

webpagetest California EC2, US West coast

and if you do a repeated-visit multi-step webpagetest, it shows caching at play for revisits

Tested your mocham.com web site in multi-step Dulles cable 5mbps and it looks good for non-cached HTML to origin



Noticed Amazon headers, is your origin on Amazon EC2 or Amazon Lightsail? The latter is known for CPU congestion so I wouldn’t be surprised if there’s performance variance, as would be the case if you’re using Amazon EC2 with CPU burstable instances that don’t guarantee CPU performance.

Or proxied to Amazon S3 bucket assets?


and from https://tools.keycdn.com/performance?url=https://www.mocham.com/

TTFB is geographically dependent, especially for non-HTML cached pages, which suggests slower connection/TTFB for you to your origin for US West or Asian countries and faster for US East and Europe, so is your origin on the US East side or more likely Europe?


For the folks asking here’s the profile I am using.

Also Eva2000, the origin is AWS S3 with the classic static webpage sharing. Also thanks a lot for the keycdn tool, it’s very useful!

Would the solution be creating an S3 bucket in an Asia / West coast location, and I suppose Cloudflare can choose whichever origin based on geographical location? To be honest even 300ms in Europe doesn’t look great…

Thanks a lot for your help

There’s your issue: 4G has minimum 170ms RTT = round trip time or the 1-way ping response time. So latency response times for the 2-way SSL handshake between 2 servers seem to be about right. Look at your initial connection time = 172ms.

Speed and type of ISP connection factor into your TTFB numbers, hence why Google is focused on mobile 3G emulated Nexus 5 page speed numbers in Google PageSpeed Insights lab tests to highlight such.

See my WordPress blog’s 4G speed in London, UK: same, initial connection = 167ms, which is dependent on the 4G 170ms RTT profile.

The law of physics (speed of light) won’t allow speed faster than the minimum round trip times of your ISP connection, which on 4G = 170ms.

It’s what Google is trying to inform folks about: not all of the world is on fast ISP connections, the majority of emerging markets and developing countries are on 2G or 3G with 300-400ms RTT and slow mobile devices.

Example: Africa with 3G slow 400ms RTT speed

So a 61KB WordPress page on 3G slow 400ms RTT took 4.5 seconds to fully download with a speed index of 2.8s for visual render. So if you want 1 second page download time on 3G slow 400ms RTT, your max page size budget would be at around 61/4.5 = 13KB max page size allowed.

1 Like
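Added example (not part of any post in this thread): a small parser that splits curl's cumulative timings into DNS, TCP, TLS and server time, and uses the TCP connect time as an RTT estimate to count how many round trips the TLS handshake took (a full TLS 1.2 handshake needs two, TLS 1.3 one). The sample line is constructed, not a measurement of the site discussed, and the function names are hypothetical.

```python
import re

# Constructed sample (not a measurement from this thread): output of
#   curl -o /dev/null -s -w 'dns=%{time_namelookup} tcp=%{time_connect} \
#     tls=%{time_appconnect} ttfb=%{time_starttransfer}\n' https://example.com/
# curl reports each value as cumulative seconds since the request started.
SAMPLE = "dns=0.190 tcp=0.362 tls=0.706 ttfb=0.884"


def phases(line):
    """Split cumulative curl timings into per-phase costs (milliseconds)."""
    t = {k: float(v) for k, v in re.findall(r"(\w+)=([\d.]+)", line)}
    missing = {"dns", "tcp", "tls", "ttfb"} - t.keys()
    if missing:
        raise ValueError(f"missing timing fields: {sorted(missing)}")
    # TCP connect is one SYN / SYN-ACK exchange, so it approximates one RTT.
    rtt = t["tcp"] - t["dns"]
    if rtt <= 0:
        raise ValueError("non-positive TCP connect time, cannot estimate RTT")
    tls = t["tls"] - t["tcp"]
    # After the handshake, request + first response byte cost one more RTT;
    # whatever is left over is time spent at the edge or origin.
    wait = t["ttfb"] - t["tls"]
    return {
        "dns_ms": round(t["dns"] * 1000),
        "rtt_ms": round(rtt * 1000),
        "tls_ms": round(tls * 1000),
        "tls_round_trips": round(tls / rtt),
        "server_ms": max(0, round((wait - rtt) * 1000)),
    }


def cold_floor_ms(rtt_ms, tls_round_trips=1, dns_ms=0):
    """Lowest possible first-byte time on a brand new HTTPS connection:
    DNS + 1 RTT (TCP) + N RTT (TLS) + 1 RTT (request/response)."""
    return dns_ms + rtt_ms * (1 + tls_round_trips + 1)


if __name__ == "__main__":
    print(phases(SAMPLE))
    print("floor on a 170 ms RTT link, TLS 1.3:", cold_floor_ms(170), "ms")
```

A small `server_ms` next to a large `tls_ms` means the first-request cost is handshake round trips on a high-latency link, not origin or edge processing.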

If you want optimal speed for all the world, the US West coast might be best; it’s smack bang in the middle between Europe and Asia and decent for the entire USA. It’s where I usually aim my geographic location for hosting. On the other hand, if your visitors are majority in one region, you’d want your origin in that location.

That’s very good information, thanks.
Okay, I see, that makes sense for the negotiation time, yes.
So what about the TTFB in London in the test you linked earlier? It shows 120ms in London (where my server is), and barely goes under it anywhere, averaging 300ms in Europe.
I would expect the TTFB to be under 100ms for a static website, no?
I’m gonna do some testing disabling features in Cloudflare to see what the impact is.

On a 4G connection test with a minimum latency > 100ms getting under 100ms requires a time machine…


You mean the keycdn tests at https://tools.keycdn.com/performance? Those are most likely on a faster ISP connection profile than 4G or, if not artificially throttled, would be full 1Gbps network speeds given my WordPress blog’s results below on the Cloudflare free plan

Oh I’m wishing for some smart folks at Cloudflare to develop faster than light speed fibre technology :sunglasses: :smiley:


Sorry for the slow response.
Yes that’s what I meant, your test shows 50ms for London, but mine shows 120ms, and even goes up to 300ms for Paris which is still in the same area.

This is from the origin server without Cloudflare:
