Timeline for Why is a TLS handshake taking *forever* (20 seconds) on a VPS?
Current License: CC BY-SA 3.0
14 events
when | what | by | license | comment | |
---|---|---|---|---|---|
Nov 6, 2018 at 11:00 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
Oct 3, 2018 at 22:46 | answer | added | Alexis Wilke | timeline score: 1 | |
Oct 3, 2018 at 22:42 | comment | added | Alexis Wilke | @S.Imp Ah. Yes. It may be something else for you, but in my case I solved this problem by fixing the firewall. I was only allowing 127.0.0.1 and DigitalOcean defines a 127.0.1.1 and uses it to resolve names and SSH does a name resolution on connection. Just in case I added an answer. | |
Oct 3, 2018 at 18:22 | comment | added | S. Imp | Is this problem solved? I'm also having the exact same problem I think. TLS negotiation takes forever. HostnameLookups are off for apache. No significant delay via ssh. | |
Sep 12, 2018 at 12:01 | history | tweeted | twitter.com/ServerFault/status/1039846466968268800 | ||
Feb 14, 2016 at 1:48 | comment | added | jcaron | Also SSH does not actually use SSL/TLS, but a different protocol. | |
Feb 14, 2016 at 1:20 | comment | added | Alexis Wilke | Wow! That was it! I can understand that the DNS is required for Apache2, but I have to say that the fact that SSH was also bogged down was super surprising to me and did not ring the bell! Ah! I see that the SSH server does a reverse lookup by default. Now I understand why it would react like Apache2. | |
Feb 14, 2016 at 1:18 | comment | added | Alexis Wilke | Oh! It looks like the DNS is blocked by the firewall. It worked before, but someone else may have changed something there... Let me make sure port 53 is open properly and try again. | |
Feb 14, 2016 at 1:15 | history | edited | Alexis Wilke | CC BY-SA 3.0 | Added the resolv.conf data |
Feb 14, 2016 at 1:12 | comment | added | Michael Hampton | Can your server perform DNS lookups against Google DNS? Are there log entries from Apache or ssh regarding the problem? | |
Feb 14, 2016 at 1:10 | history | edited | Alexis Wilke | CC BY-SA 3.0 | Added the resolv.conf data |
Feb 14, 2016 at 0:56 | comment | added | Tim | It's not the TLS handshake, it's the time to first byte, according to this test webpagetest.org/result/… . Have a look at the details graph. Look at your resources, look at what's different about the slow ones. Is it hitting PHP which is using too much CPU? RAM constrained? | |
Feb 14, 2016 at 0:45 | comment | added | Michael Hampton | Chrome's timings are more detailed, and show SSL negotiation is completing quickly. Your problem occurs after that is complete. Please post a copy of the server's /etc/resolv.conf and check your Apache configuration for the HostnameLookups setting. | |
Feb 13, 2016 at 23:59 | history | asked | Alexis Wilke | CC BY-SA 3.0 |