strange gap results

We are seeing some very strange results with WPT. For example

It will connect, get the html page, process google analytics and then make no connection for 40+ seconds and then start retrieving the assets.

I noticed the other thread mentioning ssl gaps but that shouldn’t be the case here. It’s already connected and reuses the same connection to download the assets since it’s the same cert, ip but just a different server name.

Looking at the bandwidth line below the waterfall, it looks like something BIG is downloading using a consistent 2.5Mbps or so during the gap. Whatever it is isn’t showing up in the waterfall though so it’s something that the WPT code doesn’t know how to decode (or isn’t reported by dev tools).

Do you see it from other locations or with different pages on the same location?

Tried another location (Manchester this time, previously was London), and also a different url and got similar results:

Doing a test with tcpdump turned on:

  • it seems to fetch dns records for the even though the oscp should be stapled (as confirmed with ssllabs)
  • The client (wpt) seems to keep sending a RST/ACK and making new connections over and over (which is probably where the 2.5Mbps downloads comes from). Until something (?) and then it decides to accept the certificate?

wireshark of one of the connections during the strange period

Background of our setup:

We have 3 hostnames now all the same ip (although some dns resolves are still propagating it seems to some of the WPT hosts, but the capture had the right ip),, and

Configured using nginx, spdy, ocsp stapling, ev certs. We recently got one cert with the 3 hostnames all as alternative names. We did this to have a media domain but not to incur an extra ssl connect when using it. If the ip address and the certificate is the same the client doesn’t need to create make a new ssl connection.

Now we aren’t seeing the issue when accessing pages on but we see the issue when accessing The issue arises when it tries to connect to

Not seeing this locally but that doesn’t prove it isn’t happening.

It’s worth noting that OCSP stapling will only work for the leaf certificate. Any intermediaries will still need to be checked if they aren’t already trusted roots.

Does disabling pagespeed help improve test readability?

mod_pagespeed on the server? Not sure I understand but no flavor of PageSpeed I can think of should have a negative impact on reliability or consistency. Only possible interaction I can think of is for new content mod_pagespeed may take a few page loads before the server has optimized all of the resources.

In some instances, a misconfigured mod_pagespeed can go bezerk in a loop. So just a hunch after seeing such high processing of pagespeed happening in the WPT details of the site.

tried without mod_pagespeed (ModPagespeed=off) and got the same results. Looking at the tcpdump seems to be the ssl negotiation keeps retrying until it succeeds