I've configured an Apache server as a front for a Tomcat. On the httpd server, I've configured an https connection. This connection is mandatory, so all requests made using http are redirected to the https schema.
My site is really slow using this environment. I suppose that there is a misconfiguration somewhere, but I don't know where.
I've made a capture with Wireshark, and I see some encrypted alerts. Following advice I've found on some forum, I've read about those alert messages. Some are supposed to be ok, but some are not. For example, I've seen an alert with the code 46. Is it possible that with this kind of alert my site would be encrypted, but really slow?
Code 46 means "certificate_unknown", so it might be a problem with the certificate checking process. Well, then the browser should display an error message. Without further information about your setup (OS version, server software, client software, certificates) it's hard to make a good assumption about the possible problem.
One possible reason: If there is a CRL distribution point in your certificate, your browser might try to fetch the CRL and if it can't it may slow down your connection. The same is true for OCSP.
answered 17 Dec '12, 11:46
Kurt Knochner ♦
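Added example (not part of the original answer and not Wireshark's code): a Python sketch that walks one direction of a TLS 1.2-or-earlier byte stream and classifies each alert record. A description such as 46 can only be read while the alert is still sent in plaintext; once ChangeCipherSpec has been sent, the record body is ciphertext. The names `record` and `classify_alerts` and both sample flows are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE = 20, 21, 22
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of AlertDescription values (RFC 5246, section 7.2)
ALERT_DESCRIPTIONS = {0: "close_notify", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate",
                      46: "certificate_unknown", 48: "unknown_ca"}

def classify_alerts(stream: bytes):
    """Report every alert record in one direction of a TLS <= 1.2 stream."""
    findings, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        # Record header: 1-byte type, 2-byte version, 2-byte length
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) < length:
            findings.append(("truncated", offset))
            break
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True  # every later record from this sender is ciphertext
        elif ctype == ALERT:
            if not encrypted and length == 2:
                level, desc = body
                findings.append(("plaintext",
                                 ALERT_LEVELS.get(level, "unknown"),
                                 ALERT_DESCRIPTIONS.get(desc, f"code {desc}")))
            else:
                # Level and description are hidden; only the length is visible
                findings.append(("encrypted", length))
        offset += 5 + length
    return findings

def record(ctype: int, body: bytes, version: int = 0x0303) -> bytes:
    """Build one TLS record (helper for the constructed samples below)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed sample: alert sent before encryption starts (handshake body is filler)
PLAINTEXT_FLOW = record(HANDSHAKE, bytes(4)) + record(ALERT, bytes([2, 46]))
# Constructed sample: alert sent after ChangeCipherSpec; the first ciphertext
# byte happens to be 46, but it is not an alert description
ENCRYPTED_FLOW = (record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, bytes(40))
                  + record(ALERT, bytes([46]) + bytes(31)))

if __name__ == "__main__":
    print(classify_alerts(PLAINTEXT_FLOW))
    print(classify_alerts(ENCRYPTED_FLOW))
```

To read the level and description of an encrypted alert, the session has to be decrypted first, for example by giving Wireshark the session keys.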
I opened your pcap file and looked at the SSL sessions to server 220.127.116.11. I used the filter "ip.addr==18.104.22.168 && (tcp.flags&7 || ssl)" to get a "clean" view on the traffic. Here are my findings:
Since SSL is a big CPU burden on a system (that's why there are a lot of devices offloading SSL from the server), my suspicion is that your server just can't take the load once all traffic is encrypted.
answered 19 Dec '12, 06:40