logoon  windows
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Forum Register Log in  RSS Apache Lounge



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored by anyone.

Your donations will help to keep this site alive and well, and continuing the building of the binaries.



SSL performance depends on OCSP response time

 
Post new topic   Reply to topic    Apache Forum Index -> How-to's & Documentation & Tips



View previous topic :: View next topic  
Author Message
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2156
Location: Hilversum, NL, EU

PostPosted: Fri 26 Apr '13 14:50    Post subject: SSL performance depends on OCSP response time Reply with quote

When a visitor accesses a website, the browser needs to check the validity status of the SSL Certificate before the content is rendered to the waiting visitor. CRLs and OCSP are standard compliant ways of doing revocation checking. The speed at which this happens depends on the reliability and performance of the CA's infrastructure, and will have a direct impact on your website performance. The shorter the validation time, the faster your website will load for website visitors.

See the Report. StartSSL's OCSP response time appears to be ten times faster than Geotrust/RapidSSL/Symantec. And I have StartSSL certficates.

https://revocation-report.x509labs.com/#ocsp=root,crl=root,ocspRange=2013-04-18+2013-04-24,crlRange=2013-04-18+2013-04-24

Steffen
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 1695
Location: Sun Diego, CA, USofA

PostPosted: Fri 26 Apr '13 19:57    Post subject: Reply with quote

StarSSL's OCSP server may be 10 times faster, but it's unavailable plenty.

[Thu Apr 25 01:50:26.524125 2013] [ssl:error] [pid 1020:tid 780] [client xxx.xxx.xxx.xxx:3783] AH01980: bad response from OCSP server: 503 Service Unavailable

[Tue Apr 23 04:20:19.039750 2013] [ssl:error] [pid 1020:tid 708] [client yyy.yyy.yyy.yyyy:50963] AH01980: bad response from OCSP server: 503 Service Unavailable
Back to top


Post new topic   Reply to topic    Apache Forum Index -> How-to's & Documentation & Tips
Page 1 of 1