Initial Connection takes very long time

Server NGINX
1

Hi,
I’m using nginx 1.5.7 for SSL termination for my websites (no encryption
betwwen nginx-origin servers).

This is my test result:
WebPageTest Test - WebPageTest Details you can see
it
took more than 9 seconds for initiation

My SSL config part in nginx.conf:

ssl_session_cache shared:TLSSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA256:HIGH:!kEDH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_certificate server.crt;
ssl_certificate_key server.key;

I know it have to trade on high encryption, but 9 seconds is too slow to
init a new connection. I highly appreciate your comments to help me to
reduce that waiting time. Thanks.

Posted at Nginx Forum:

2

On 12/09/13 12:51, Neddy wrote:

This is my test result:
WebPageTest Test - WebPageTest Details you can see it
took more than 9 seconds for initiation

At least one issue with https://instavn.com - there is no intermediate
certificates provided.

http://nginx.org/r/ssl_certificate

If intermediate certificates should be specified in addition to a primary
certificate, they should be specified in the same file in the following
order: the primary certificate comes first, then the intermediate
certificates.

If you use certificate from Comodo, intermediate certificates can be
downloaded from

3

I added Essential bundle CA cert into a certchain, but it’s no change.

Posted at Nginx Forum:

4

This seems like a firewall or router issue, your server isn’t even
replying
to port 443 connection attempts for a very long time.

04:41:15.000800 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750622551 ecr
0,nop,wscale 7], length 0
04:41:15.997096 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750622801 ecr
0,nop,wscale 7], length 0
04:41:18.001097 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750623302 ecr
0,nop,wscale 7], length 0
04:41:22.009097 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750624304 ecr
0,nop,wscale 7], length 0
04:41:30.025097 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [S], seq
2650257073, win 14600, options [mss 1460,sackOK,TS val 1750626308 ecr
0,nop,wscale 7], length 0
04:41:30.257270 IP 118.69.68.219.443 > x.x.x.x.40069: Flags [S.], seq
571024000, ack 2650257074, win 14480, options [mss 1398,sackOK,TS val
1060007116 ecr 1750626308,nop,wscale 5], length 0
04:41:30.257289 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [.], ack 1,
win
115, options [nop,nop,TS val 1750626366 ecr 1060007116], length 0
04:41:30.257429 IP x.x.x.x.40069 > 118.69.68.219.443: Flags [P.], seq
1:321, ack 1, win 115, options [nop,nop,TS val 1750626366 ecr
1060007116],
length 320

5

On 12/09/13 12:51, Neddy wrote:

This is my test result:
WebPageTest Test - WebPageTest Details you can see it
took more than 9 seconds for initiation

Try to connect from local server, e. g.

server_with_nginx> openssl s_client -connect 127.0.0.1:443

If local connection is fast, problem may be in network or firewall
settings.