Same origin server, much faster with 'Flexible SSL' than with 'Full SSL'

Hi,

My website does not show sensitive information (just public data, without users’ login), but I was told to implement Cloudflare’s ‘Full SSL’. However, since I did it, I’ve been experiencing speed issues, with TTFB values five times more than before.

I’ve done the following experiment with a very simple 92-byte HTML static page.

  • mywebsite.com/test.html … Wait time = 200 ms (average)
    — Edge Certificates: ‘SHA 2 ECDSA’ and ‘SHA 2 RSA’ managed by Cloudflare
    — Origin Certificate: I’ve got “Let’s Encrypt” certificates.

  • foo.com/test.html (the same HTML code at the same server with other domain) … Wait time = 40 ms (average)
    — Edge Certificates: just ‘SHA 2 ECDSA’ managed by Cloudflare
    — Origin Certificate: No certificates.

For my website, it’s important that TTFB is fast, and I wondered if it’s worth using ‘Full SSL’ in Cloudflare when I just need the HTTPS protocol, but not very strict security.

Thank you very much.

My test site uses Full (Strict) SSL and consistently has a TTFB <100ms.

Have you tested connecting directly to your site (grey-cloud DNS record) with HTTP and HTTPS?

Have you tested connecting directly to your site?

Hi @sdayman

Thank you very much for your kind answer.

I’ve just bypassed ‘mywebsite.com’ at Cloudflare (greyed the cloud icon), and the TTFB is very fast:

  • mywebsite.com/test.html … Wait time = 40 ms (average)
    — Edge Certificates: Bypassed traffic
    — Origin Certificate: “Let’s Encrypt” certificates.

My origin server is a dedicated one, with FreeBSD 12 running and 8 cores. Unfortunately, I was not able to activate TLS v1.3 on FreeBSD, and my website only supports TLS 1.0, TLS 1.1 and TLS 1.2.

I’m not an expert on SSL. How can I check my server’s SSL configuration to know if it’s not properly defined? Should I change the Operating System of my origin server?

Thank you again.
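
Added example, not part of the original thread: a Python script that splits the wait time measured in the posts above into TCP connect, TLS handshake and server wait, and reports the negotiated TLS version and cipher, when pointed directly at the origin (DNS record bypassing Cloudflare). The function name `measure`, its parameters, the output keys and the script name in the usage message are assumptions made for this illustration.

```python
import socket, ssl, statistics, sys, time

def measure(addr, hostname, port=443, path="/", use_tls=True, timeout=10):
    """Time one GET; return per-phase milliseconds and negotiated TLS details."""
    t0 = time.perf_counter()
    sock = socket.create_connection((addr, port), timeout=timeout)
    t_tcp = time.perf_counter()
    version = cipher = None
    if use_tls:
        # The default context validates the certificate chain and the hostname.
        ctx = ssl.create_default_context()
        sock = ctx.wrap_socket(sock, server_hostname=hostname)  # handshake happens here
        version, cipher = sock.version(), sock.cipher()[0]
    t_tls = time.perf_counter()
    req = f"GET {path} HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n"
    sock.sendall(req.encode("ascii"))
    buf = sock.recv(256)               # returns as soon as the first bytes arrive
    t_first = time.perf_counter()
    while buf and b"\r\n" not in buf:  # finish reading the status line
        chunk = sock.recv(256)
        if not chunk:
            break
        buf += chunk
    sock.close()
    ms = lambda a, b: round((b - a) * 1000, 2)
    return {
        "tcp_ms": ms(t0, t_tcp), "tls_ms": ms(t_tcp, t_tls),
        "wait_ms": ms(t_tls, t_first), "ttfb_ms": ms(t0, t_first),
        "tls_version": version, "cipher": cipher,
        "status": buf.split(b"\r\n")[0].decode("latin-1"),
    }

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: ttfb_phases.py <origin hostname, DNS record set to bypass the proxy>")
    host = sys.argv[1]
    # Same test page as in the thread, once over plain HTTP and once over HTTPS.
    for use_tls, port in ((False, 80), (True, 443)):
        runs = [measure(host, host, port, "/test.html", use_tls) for _ in range(5)]
        med = {k: statistics.median(r[k] for r in runs)
               for k in ("tcp_ms", "tls_ms", "wait_ms", "ttfb_ms")}
        print("HTTPS" if use_tls else "HTTP", runs[0]["tls_version"],
              runs[0]["cipher"], runs[0]["status"], med)
```

Comparing `tls_ms` with `wait_ms` in the HTTPS row shows whether the extra time is spent in the handshake or in the server producing the response.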

This is a good SSL/TLS test:
