Could someone explain why KeepAlive fails for all requests to ocsp.comodoca.com ? Actually I’m not sure what these requests are about, a part from the fact it has to do with my SSL certificate provider.
Sometimes if I re-run the test, KeepAlive works.
Here’s the test result :
I believe this is the reason for my GRADE F for TTFB. If I don’t use HTTPS, I never have this problem.
After contacting Comodo support team, here’s their reply. Is WebPageTest really an unreliable site to test site latency ?
Thank you for your email, unfortunately you are using an unreliable site to test your latency on your site. We do not assist with performance issues on your site. We have tested your site using a more reliable provider which shows your site to be A+.
If you need assist with optimizing your performance of your site you will have to speak with a server administrator or your hosting company. As an ssl certificate will not slow down your site.[/i]
KeepAlive will only fail if more than one request was made to the target domain during the page load. It is probably intermittent because sometimes a 3rd-party ad or something like that also needs validation and sometimes it doesn’t.
And yes, the OCSP verification check will absolutely cause TTFB to fail. The best you can do to avoid the validation check is to staple the OCSP checks as part of your server config so the validation will come down with the certificate. This is probably way more information than you ever wanted on TLS performance but it is a good read (the whole book actually): https://hpbn.co/transport-layer-security-tls/
Some versions of IE on some OS’s will not use stapling though so you won’t be able to eliminate it entirely.
As far as SSL Labs goes, that doesn’t have anything to do with performance, just the security of your certificate configuration. There IS an entry in the report that tells you if OCSP Stapling is enabled (no in this case) but it isn’t part of the grade.
wow! very interesting stuff here. I didn’t know about OCSP Stapling. Will definitely look into that.
Yes, I know that SSLLabs does not check anything about performance, that’s what I replied to comodo support.