logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> How-to's & Documentation & Tips View previous topic :: View next topic
Reply to topic   Topic: SSL performance depends on OCSP response time
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3046
Location: Hilversum, NL, EU

PostPosted: Fri 26 Apr '13 14:50    Post subject: SSL performance depends on OCSP response time Reply with quote

When a visitor accesses a website, the browser needs to check the validity status of the SSL Certificate before the content is rendered to the waiting visitor. CRLs and OCSP are standard compliant ways of doing revocation checking. The speed at which this happens depends on the reliability and performance of the CA's infrastructure, and will have a direct impact on your website performance. The shorter the validation time, the faster your website will load for website visitors.

See the Report. StartSSL's OCSP response time appears to be ten times faster than Geotrust/RapidSSL/Symantec. And I have StartSSL certficates.

https://revocation-report.x509labs.com/#ocsp=root,crl=root,ocspRange=2013-04-18+2013-04-24,crlRange=2013-04-18+2013-04-24

Steffen
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Fri 26 Apr '13 19:57    Post subject: Reply with quote

StarSSL's OCSP server may be 10 times faster, but it's unavailable plenty.

[Thu Apr 25 01:50:26.524125 2013] [ssl:error] [pid 1020:tid 780] [client xxx.xxx.xxx.xxx:3783] AH01980: bad response from OCSP server: 503 Service Unavailable

[Tue Apr 23 04:20:19.039750 2013] [ssl:error] [pid 1020:tid 708] [client yyy.yyy.yyy.yyyy:50963] AH01980: bad response from OCSP server: 503 Service Unavailable
Back to top


Reply to topic   Topic: SSL performance depends on OCSP response time View previous topic :: View next topic
Post new topic   Forum Index -> How-to's & Documentation & Tips