Speeding up TLS handshaking


I’m running an API that runs over HTTPS that receives a fair amount of traffic from all over the world. We are running our servers from a cloud provider in London and are seeing high latency from users far away (in this example in Japan).

I was doing some investigation and it appears that I can’t get around there being 2 round trips in order to complete the HTTPS request.

Using CURL to look further into what’s happening. I currently have the domain proxied with Cloudflare and SSL set to Full (Strict):

curl -w "dns_resolution: %{time_namelookup}, tcp_established: %{time_connect}, ssl_handshake_done: %{time_appconnect}, TTFB: %{time_starttransfer}\n" -o /dev/null -s "https://api.myapp.op/"

dns_resolution: 0.013583, tcp_established: 0.016069, ssl_handshake_done: 0.026313, TTFB: 1.048643

So the SSL Handshake is only taking 0.02 seconds; clearly this is a CF edge server doing this. But there are 2 round trips here between Japan and London (latency is around 250ms and request taking around 1 second).

If I do the same thing with HTTP I get:

dns_resolution: 0.005238, tcp_established: 0.007622, ssl_handshake_done: 0.000000, TTFB: 0.483327

i.e. 1 round trip

SO. My question is, is there a way I can get Cloudflare to remove the need for this second round trip? I tested with SSL set to flexible, and indeed that did halve the time from ~1000ms to ~500ms but obviously this is not secure, and so not acceptable. Is there a product/setting within Cloudflare to remove this round trip, or is that impossible from the HTTPS side?


If your origin server supports TLS 1.3 that will minimize the number of requests required to the origin. Similarly you can enable 0-RTT if your plan supports it.

Also Cloudflare Argo is probably a reasonable feature to investigate as well. https://www.cloudflare.com/products/argo-smart-routing/
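
An added example (not part of the original thread): a small parser for the curl -w timing lines quoted in the question. It separates the edge handshake from the wait for the first byte and estimates how many edge-to-origin round trips that wait contains. It assumes the plain-HTTP run's wait is one round trip and ignores server processing time; the function names are hypothetical.

```python
import re

# Constructed sample input: the two timing lines quoted in the question.
HTTPS_RUN = ("dns_resolution: 0.013583, tcp_established: 0.016069, "
             "ssl_handshake_done: 0.026313, TTFB: 1.048643")
HTTP_RUN = ("dns_resolution: 0.005238, tcp_established: 0.007622, "
            "ssl_handshake_done: 0.000000, TTFB: 0.483327")

FIELDS = ("dns_resolution", "tcp_established", "ssl_handshake_done", "TTFB")


def parse_timings(line):
    """Parse one 'name: seconds, ...' line into a dict of floats."""
    found = {k: float(v) for k, v in re.findall(r"(\w+):\s*([0-9.]+)", line)}
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return found


def phases(t):
    """Convert curl's cumulative timestamps into per-phase durations."""
    # curl reports time_appconnect as 0 when no TLS handshake took place.
    tls_done = t["ssl_handshake_done"] or t["tcp_established"]
    return {
        "dns": t["dns_resolution"],
        "tcp": t["tcp_established"] - t["dns_resolution"],
        "tls": tls_done - t["tcp_established"],  # client <-> edge only
        "wait": t["TTFB"] - tls_done,            # edge <-> origin + server
    }


def origin_round_trips(run, baseline):
    """Ratio of this run's wait to the baseline's wait.

    Assumption: the baseline wait is one edge-to-origin round trip.
    """
    wait = phases(parse_timings(run))["wait"]
    return wait / phases(parse_timings(baseline))["wait"]


if __name__ == "__main__":
    for name, run in (("https", HTTPS_RUN), ("http", HTTP_RUN)):
        p = phases(parse_timings(run))
        print(name, {k: round(v, 6) for k, v in p.items()})
    print("estimated origin round trips over HTTPS:",
          round(origin_round_trips(HTTPS_RUN, HTTP_RUN), 2))
```

Running the same comparison before and after changing the origin's TLS settings shows whether the wait phase, rather than the edge handshake, actually shrank.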

