Initial Connection takes very long time

Hi,
I’m using nginx 1.5.7 for SSL termination for my websites (no encryption
betwwen nginx-origin servers).

This is my test result:
http://www.webpagetest.org/result/131209_M2_BYF/1/details/ you can see
it
took more than 9 seconds for initiation

My SSL config part in nginx.conf:

ssl_session_cache shared:TLSSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA256:HIGH:!kEDH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_certificate server.crt;
ssl_certificate_key server.key;

I know it have to trade on high encryption, but 9 seconds is too slow to
init a new connection. I highly appreciate your comments to help me to
reduce that waiting time. Thanks.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,245344,245344#msg-245344

On 12/09/13 12:51, Neddy wrote:

This is my test result:
http://www.webpagetest.org/result/131209_M2_BYF/1/details/ you can see it
took more than 9 seconds for initiation

At least one issue with https://instavn.com - there is no intermediate
certificates provided.

http://nginx.org/r/ssl_certificate

If intermediate certificates should be specified in addition to a primary
certificate, they should be specified in the same file in the following
order: the primary certificate comes first, then the intermediate
certificates.

If you use certificate from Comodo, intermediate certificates can be
downloaded from
https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1

I added Essential bundle CA cert into a certchain, but it’s no change.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,245344,245350#msg-245350

This seems like a firewall or router issue, your server isn’t even
replying
to port 443 connection attempts for a very long time.

04:41:15.000800 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750622551 ecr
0,nop,wscale 7], length 0
04:41:15.997096 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750622801 ecr
0,nop,wscale 7], length 0
04:41:18.001097 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750623302 ecr
0,nop,wscale 7], length 0
04:41:22.009097 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750624304 ecr
0,nop,wscale 7], length 0
04:41:30.025097 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750626308 ecr
0,nop,wscale 7], length 0
04:41:30.257270 IP 118.69.68.219.443 > x.x.x.x.40069: Flags [S.], seq
571024000, ack 2650257074, win 14480, options [mss 1398,sackOK,TS val
1060007116 ecr 1750626308,nop,wscale 5], length 0
04:41:30.257289 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [.], ack 1,
win
115, options [nop,nop,TS val 1750626366 ecr 1060007116], length 0
04:41:30.257429 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [P.], seq
1:321, ack 1, win 115, options [nop,nop,TS val 1750626366 ecr
1060007116],
length 320

On 12/09/13 12:51, Neddy wrote:

This is my test result:
http://www.webpagetest.org/result/131209_M2_BYF/1/details/ you can see it
took more than 9 seconds for initiation

Try to connect from local server, e. g.

server_with_nginx> openssl s_client -connect 127.0.0.1:443

If local connection is fast, problem may be in network or firewall
settings.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs