Tracking and Increasing SSL performance


I’m running an API that runs over HTTPS that receives a fair amount of traffic from all over the world. We are running our servers from a cloud provider in London seeing high latency from users far away (in this example in Japan).

I was doing some investigation and it appears that I cant get around there being 2 round trips in order to complete the HTTPS request.

Using CURL to look further into whats happening. I currently have the domain proxied with Cloudlfare and SSL set to Full (Strict):

curl -w “dns_resolution: %{time_namelookup}, tcp_established: %{time_connect}, ssl_handshake_done: %{time_appconnect}, TTFB: %{time_starttransfer}\n” -o /dev/null -s “https://api.myapp.op/

dns_resolution: 0.013583, tcp_established: 0.016069, ssl_handshake_done: 0.026313, TTFB: 1.048643

So the SSL Handshake is only taking 0.02 seconds; clearly this is a CF edge server doing this. But there are 2 round trips here between Japan and London (latency is around 250ms and request taking around 1 second).

If I do the same thing with HTTP I get:

dns_resolution: 0.005238, tcp_established: 0.007622, ssl_handshake_done: 0.000000, TTFB: 0.483327

i.e. 1 round trip

SO. My question is, is there a way I can get Cloudflare to remove the need for this second round trip? I tested with SSL set to flexible, and indeed that did halve the time from ~1000ms to ~500ms but obviously this is not secure, and so not acceptable. Is there a product/setting withing Cloudflare to remove this round trip, or is that impossible from the HTTPS side?


This topic was automatically closed after 30 days. New replies are no longer allowed.