I recently received an SSL certificate for the organization's website. After installing and configuring it, the site began to take up to 10-15 seconds to load. The site runs on BitrixVM5.1 with CentOS. Configuring nginx and Apache was elementary: enable SSL, specify the path to the certificate. Wireshark shows the same picture on repeated testing: ServerHello comes back after exactly 10 seconds.

[image: wireshark]

How can I find out in more detail where these 10 seconds go?

  • 1. Is the site served by two servers at once, or does one of them act as a proxy? If so, why configure SSL on the second, "internal" server?
    2. The site code is "in the know" that, when emitting "absolute" links (of the form scheme://address), https must be substituted as the scheme. - aleksandr barakin

1 answer

The problem was in the nginx configuration, more precisely in the outdated cipher suite.

It was:

ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;

It became:

ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4";
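An added example, not part of the original answer: a small Python check that pulls `ssl_ciphers` values out of an nginx config and reports legacy names (such as the `RC4` removed above) that a string enables and never excludes with `!`. The `WEAK` list, the function names and the two config fragments are assumptions constructed for this example; it only inspects the string and does not measure handshake time.

```python
import re

# Legacy names to flag: an assumption of this example, not an exhaustive list.
WEAK = {"RC4", "MD5", "3DES", "DES", "EXP", "EXPORT", "LOW", "NULL", "aNULL", "eNULL"}

# Constructed nginx fragments carrying the two ssl_ciphers values from the answer.
BEFORE = """server {
    listen 443 ssl;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
}"""
AFTER = """server {
    listen 443 ssl;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4";
}"""

def cipher_strings(conf):
    """Return the value of each ssl_ciphers directive, comments and quotes removed."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [v.strip().strip("\"'") for v in re.findall(r"\bssl_ciphers\s+([^;]+);", conf)]

def weak_enabled(cipher_string):
    """Return the weak names a cipher string enables and never kills with '!'."""
    # OpenSSL accepts ':', ',' and whitespace as separators between tokens.
    tokens = [t for t in re.split(r"[:,\s]+", cipher_string) if t]
    # '!NAME' deletes NAME permanently, wherever it appears in the string.
    killed = {t[1:] for t in tokens if t.startswith("!")}
    enabled = set()
    for tok in tokens:
        if tok[0] in "!-+":
            continue  # '!' and '-' remove ciphers, a leading '+' only reorders them
        # 'A+B' selects ciphers that match both A and B.
        enabled.update(part for part in tok.split("+") if part in WEAK)
    return sorted(enabled - killed)

def audit(conf):
    """Return (cipher string, weak names enabled) for each ssl_ciphers directive."""
    return [(s, weak_enabled(s)) for s in cipher_strings(conf)]

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for value, weak in audit(conf):
            print(label, "->", weak or "no legacy names enabled")
```

What a given string actually expands to depends on the OpenSSL build nginx is linked against; `openssl ciphers -v '<string>'` on the server shows the resulting list.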