

It cannot be downloading other resources in parallel, like CSS files or images, because it hasn't gotten that initial HTML page telling it about the other resources. In this example, getting the HTML page over TLS takes twice as long as getting the same page over an unencrypted connection! Worse, the browser can't do anything else until it gets this initial HTML page.

The TLS handshake, shown in purple, is adding 750 ms of delay to the time it takes to get the initial HTML page. Look at the waterfall diagram below: (if you need help, check out how to read a webpage waterfall chart.)

Since TLS handshakes are part of creating the secure connection, they have to happen before any data can be exchanged. The primary performance problem with the TLS handshake is not how long it takes, it is when the handshake happens. This handshake will typically take between 250 milliseconds and half a second, but it can take longer. At first, a half second might not sound like a lot of time. Because of the difference between latency and bandwidth, a faster internet connection doesn't make these round trips any faster. While there are a lot of details in the diagram, the takeaway is that a full TLS handshake involves 2 round trips between the client and the server. The TLS handshake is shown in this rather technical-looking diagram: Don't worry.

This article covers the second item, Establishing a secure connection. This is known as the TLS Handshake and can have a significant impact on your site performance. There are several steps that must occur before a browser establishes a secured connection to your website: identities must be confirmed, algorithms must be selected, and keys must be exchanged. If not configured properly, your page load times can become much slower than unencrypted traffic. Establishing a secure connection. Data sent back and forth between visiting web browsers and your web server must be encrypted and decrypted. In our prior SSL Performance Diary post, Optimizing Data Encryption, we mentioned there are 2 areas of TLS that can harbor performance problems: Encrypting the data.
