I have disabled the SSL forcing by request of the developers for now. - mgorny reports it takes 10 seconds to load ANY page with SSL. - nirbheek reports 2 to 12.5 seconds. Check entropy on servers? haveegd maybe?
fwiw I don't really see slowness with SSL, at least not that I notice (or worse than before). Do we have a standard way to measure this other than loading through the browser? Gathering some statistics might be useful.
(In reply to comment #1) > fwiw I don't really see slowness with SSL I really doubt SSL would be the culprit. > Do we have a standard way to measure this other than loading > through the browser? Gathering some statistics might be useful. You could use WebService, and see how fast it is.
I was curious, so I ran Wireshark. It looks like, for Opera anyway, a lot of time is spent grabbing CRLs and OCSP responses from CAcert, and not actually talking to b.g.o.
Disabling the OCSP/CRL, how much faster does it load?
CC'ing mgorny and nirbheek here. Also it should be faster at all since we switched to mod_perl recently.
(In reply to comment #5) > CC'ing mgorny and nirbheek here. > > Also it should be faster at all since we switched to mod_perl recently. Yeah, it seems very fast ATM.
Loads quite swiftly now, thanks!
Ok, thanks. So we will turn it back on again as soon as we got our new cert(s).
Well, you pinged me in #gentoo-dev about it and I said it was much improved. The XML-RPC thingy or whatever it is that inserts contacts in response to typing is too laggy for me to be useful, but that is probably not related to HTTPS, and otherwise I have no more complaints.