Slow SSL in Chrome [Solved]

Chrome 500-5000ms
Firefox >100ms

Why is this so slow and how can I fix it?

Looks like you have serious server performance issues. It’s only affecting your domain and it shows up in the SSL negotiation as well at TTFB. It could be serious networking issues or problems with the server itself. You need to ping your hosting company to have them take a look.

I am the host company :slight_smile:

Server load is very low, other servers with the same config have no issues. And the issue only shows up in Chrome tests.

Works fine on my desktop as well. I suspect it might be related to the huge CRL provided by the cert, but afaik Chrome doesn’t use CRLs. is over 6M

It shows up in your Firefox tests as well:

There are also some long TTFB cases which is what led me to think it is more of a server issue:

If you grab a tcpdump with the test it should give you a bit more visibility into whatever is going on but if it is server side you will just see big gaps.

Thanks for the help. tcpdump showed a long stall between Client Hello and Server Hello, indicating it was a server issue.

I then checked /server-status and saw all the workers were full. I had changed

ServerLimit           24
MaxClients            192

but only did a reload, not a full restart, so the change hadn’t taken effect. Doing a restart of apache got me the extra workers I needed, and my speeds are no longer having long hangs at the SSL stage.