centos6 - Make SSL faster on Linux CentOS with Apache 2.4 OpenSSL 1.0 -

-

colleagues!

well, huge problem speed of ssl authentication. since move website ssl, googlebot reduce indexing of website, because ssl negotiation below value got webpagetest.org:

url: https://www.musiconline.com.br/jorge-e-mateus/alcapao/

host: www.musiconline.com.br

error/status code: 200

client port: 0

start offset: 0.735 s

dns lookup: 34 ms

initial connection: 170 ms

ssl negotiation: 531 ms

time first byte: 311 ms

content download: 178 ms

bytes in (downloaded): 13.2 kb

bytes out (uploaded): 0.4 kb

look, "ssl negotiation" in 531ms, big value.

someone know how can solve issue?

i verified mod_spdy, however, can't install because follow message in linux centos 6, apache 2.4:

root@server1 [/home/login/src]# rpm -u mod-spdy-*.rpm

warning: mod-spdy-beta_current_x86_64.rpm: header v4 dsa/sha1 signature, key id 7fac5991: nokey

error: failed dependencies:

    httpd >= 2.2.4 needed mod-spdy-beta-0.9.4.3-420.x86_64      mod_ssl >= 2.2 needed mod-spdy-beta-0.9.4.3-420.x86_64

root@server1 [/home/login/src]# httpd -v

server version: apache/2.4.12 (unix)

server built: mar 21 2015 10:58:04

cpanel::easy::apache v3.28.4 rev9999

root@server1 [/home/molbr/src]# uname -a

linux server1.musiconline.com.br 2.6.32-431.20.3.el6.x86_64 #1 smp thu jun 19 21:14:45 utc 2014 x86_64 x86_64 x86_64 gnu/linux

thanks assistance.

initial connection: 170 ms

ssl negotiation: 531 ms

looking @ packet capture can see after initial tcp handshake client starts handshake , takes long time server send necessary data (serverhello, certificates...). these data need 5 packets , due various tcp magic , os tuning last packet send once got acknowledgements previous packets. in detail tcp magic might tcp slow start fixed initial congestion windows of 4 centos version use (see https://www.igvita.com/2011/10/20/faster-web-vs-tcp-slow-start/).

what can do: fix certificate chain. if @ ssllabs report see "chain issues: contains anchor" means send root certificate though root certificate ignored client , instead trusted ca built client used (trust chain must built local trust!). if fix configuration removing root certificate data sent server shorter , not run slow-start problem.


Comments

Post a Comment

Popular posts from this blog

java - Could not locate OpenAL library -

-
i writing game using slick2d library, uses lwjgl. lwjgl version 2.9.3. using netbeans 8. i tried adding sounds game, example music track on main menu. problem is, exception when run game, despite game still compiling , running except sound of course: sat mar 21 01:23:57 edt 2015 error:could not locate openal library. org.lwjgl.lwjglexception: not locate openal library. @ org.lwjgl.openal.al.create(al.java:156) @ org.lwjgl.openal.al.create(al.java:156) @ org.lwjgl.openal.al.create(al.java:102) @ org.lwjgl.openal.al.create(al.java:206) @ org.newdawn.slick.openal.soundstore$1.run(soundstore.java:295) @ java.security.accesscontroller.doprivileged(native method) @ org.newdawn.slick.openal.soundstore.init(soundstore.java:292) @ org.newdawn.slick.music.<init>(music.java:156) @ org.newdawn.slick.music.<init>(music.java:75) @ view.mainmenu.init(mainmenu.java:58) i didn't include rest of error states error happens in game code. the...
Read more

c++ - Delete matches in OpenCV (Keypoints and descriptors) -

-
i want check scene image against 2 train images. that, detect features , compute descriptors of both training images. before detecting, computing , matching scene image, delete matches of train1 , train2. because these matches won't facilitate matching of scene image train1 , train2. so, match train1 train2 , vector of matches trainidx , queryidx. how can delete these matches in keypoints-vector , descriptor matrix of train1 , train2? best regards, dwi i have done below: std::vector<cv::keypoint> keypoints[2]; cv::mat descriptor[2]; std::vector< cv::dmatch > matches; /* write code generate keypoints, descriptors , matches here... keypoint[0] -> train image 1 keypoints keypoint[1] -> train image 2 keypoints descriptor[0] -> train image 1 descriptors descriptor[1] -> train image 2 descriptors matches -> matched between train image 1 , 2 */ // logic keep unmatched keypoints , corresponding descriptor...
Read more

sorting - opencl Bitonic sort with 64 bits keys -

-
i used nvidia sdk bitonic sort , works great me. 32 bits (uint) need ulong keys. have typically 2^14 keys @ time , power of 2. searched on not find kernel designed ulong. i tried modified nvidia sdk bitonic sort using ulong keys not work. kernel not crash after de call clenqueuendrangekernel got error : cl_invalid_command_queue can tell me how modify bitonic sort or radixsort, or can sort ulong keys? i running nvidia quadro 4000 opencl 1.1 cuda 6.5.20 full_profile used original nvidia sdk bitonicsort.cl i used"ulong" keys , value input , ouput instead of "uint" thanks helping i made work-around suit need. used 30 bits of key , 18 high bits of value sorting. changed comparators (2 lines): '#define mask 0xffffc000 // suit need from this: if( (*keya > *keyb) == dir ) this: if(((*keya > *keyb)||((*keya == *keyb)&&((*vala & mask)> (*valb & mask)))) == dir ) it works fine. but, still, it's work-a...
Read more