Hello,

It seems that we are having a initial lag time (~10secs) before loading even a simple static page. Could this be an issue with the SSL? Is there any way to reduce the SSL overhead to improve the response time of the server?

For follow-up, is there any way we can separate the content of SSL from non-SSL pages and keep their sessions separate?

Thank you for your time.

kuletog12,


It seems that we are having a initial lag time (~10secs) before loading even a simple static page. Could this be an issue with the SSL? Is there any way to reduce the SSL overhead to improve the response time of the server?


SSL shouldn't be the cause of this lag; the SSL sessions are established very quickly. I have seen initial lag of approximately that duration on the very first page load after an application is started but it is not something that remains after the first page. If you are still experiencing the lag, please check it with something like firebug (too see at what stage the delay occurs); also you can try to load the page while having tcpdump running incrementally from the gateway to the web server. (if this is urgent, you may also contact your tech support)


For follow-up, is there any way we can separate the content of SSL from non-SSL pages and keep their sessions separate?


There are several ways to do this:

1. You can inspect the incoming http request header; if 'X-SSL-Request: 1' is there, then this came over SSL. You can use mod_rewrite and others to separate the content.

2. The INSSL gateway allows you to specify which of the http/https protocols you want to process: none/http/https/both. You can, for example, say only https; in this case, only SSL will go to the http output. You can then set the L3 filter to TPC/80, and you will get the http requests on the aux outputs. This way you can have the different protocols served by entirely different appliances (I doubt you want that, but it is an option).

Let me know if this helps.

Regards,
-- Peter