1. Home
2. Questions
3. Tags
5. Users
6. Jobs
7. Companies
8. Unanswered
Teams

Now available on Stack Overflow for Teams! AI features where you work: search, IDE, and chat.
Learn more Explore Teams
Teams
Ask questions, find answers and collaborate at work with Stack Overflow for Teams. Explore Teams

Timeline for Why is a TLS handshake taking forever (20 seconds) on a VPS?

Current License: CC BY-SA 3.0

14 events

when toggle format	what		by	license	comment
Nov 6, 2018 at 11:00	history	bumped	CommunityBot		This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Oct 3, 2018 at 22:46	answer	added	Alexis Wilke		timeline score: 1
Oct 3, 2018 at 22:42	comment	added	Alexis Wilke		@S.Imp Ah. Yes. It may be something else for you, but in my case I solved this problem by fixing the firewall. I was only allowing 127.0.0.1 and DigitalOcean defines a 127.0.1.1 and uses it to resolve names and SSH does a name resolution on connection. Just in case I added an answer.
Oct 3, 2018 at 18:22	comment	added	S. Imp		Is this problem solved? I'm also having the exact same problem I think. TLS negotiation takes forever. HostnameLookups are off for apache. No significant delay via ssh.
Sep 12, 2018 at 12:01	history	tweeted			twitter.com/ServerFault/status/1039846466968268800
Feb 14, 2016 at 1:48	comment	added	jcaron		Also SSH does not actually use SSL/TLS, but a different protocol.
Feb 14, 2016 at 1:20	comment	added	Alexis Wilke		Wow! That was it! I can understand that the DNS is required for Apache2, but I have to say that the fact that SSH was also bugged down was super surprising to me and did not ring the bell! Ah! I see that the SSH server does a reverse lookup by default. Now I understand why it would react like Apache2.
Feb 14, 2016 at 1:18	comment	added	Alexis Wilke		Oh! It looks like the DNS is blocked by the firewall. It worked before, but someone else may have changed something there... Let me make sure port 53 is open properly and try again.
Feb 14, 2016 at 1:15	history	edited	Alexis Wilke	CC BY-SA 3.0	Added the resolv.conf data
Feb 14, 2016 at 1:12	comment	added	Michael Hampton		Can your server perform DNS lookups against Google DNS? Are there log entries from Apache or ssh regarding the problem?
Feb 14, 2016 at 1:10	history	edited	Alexis Wilke	CC BY-SA 3.0	Added the resolv.conf data
Feb 14, 2016 at 0:56	comment	added	Tim		It's not the TLS handshake, it's the time to first byte, according to this test webpagetest.org/result/… . Have a look at the details graph. Look at your resources, look at what's different about the slow ones. Is it hitting PHP which is using too much CPU? RAM constrained?
Feb 14, 2016 at 0:45	comment	added	Michael Hampton		Chrome's timings are more detailed, and show SSL negotiation is completing quickly. Your problem occurs after that is complete. Please post a copy of the server's `/etc/resolv.conf` and check your Apache configuration for the `HostnameLookups` setting.
Feb 13, 2016 at 23:59	history	asked	Alexis Wilke	CC BY-SA 3.0