Apache is being incredibly slow on HTTPS on Chrome

I saw this question several times asked in this website and others, but any of them provided me a valid solution for my problem.

I have an ubuntu server 12.04 running apache 2.2.22. http traffic it's working good but SSL traffic is being reaaally slow. While loading a website I can see images loading while in the http version they all almost immediately. I run some tests:

HTTP:

ab -n 1000 -c 250 http://IP/test.jpeg
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking IP (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        IP
Server Port:            80

Document Path:          /test.jpeg
Document Length:        19558 bytes

Concurrency Level:      250
Time taken for tests:   11.104 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      19842000 bytes
HTML transferred:       19558000 bytes
Requests per second:    90.06 [#/sec] (mean)
Time per request:       2775.995 [ms] (mean)
Time per request:       11.104 [ms] (mean, across all concurrent requests)
Transfer rate:          1745.05 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:      254  549 872.4    270    3289
Processing:   518 2046 1584.9   1250    8370
Waiting:      258 1596 1532.1    724    7214
Total:        779 2595 2044.1   1525   10467

Percentage of the requests served within a certain time (ms)
  50%   1525
  66%   2192
  75%   3424
  80%   4248
  90%   6013
  95%   7175
  98%   7723
  99%  10189
 100%  10467 (longest request)

HTTPS:

ab -n 1000 -c 250 https://IP/test.jpeg
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking IP (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        IP
Server Port:            443
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256

Document Path:          /test.jpeg
Document Length:        19558 bytes

Concurrency Level:      250
Time taken for tests:   62.911 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      19842000 bytes
HTML transferred:       19558000 bytes
Requests per second:    15.90 [#/sec] (mean)
Time per request:       15727.734 [ms] (mean)
Time per request:       62.911 [ms] (mean, across all concurrent requests)
Transfer rate:          308.01 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:     1225 8408 3478.8   8733   14994
Processing:   957 6470 3693.6   5922   13997
Waiting:      258 2422 1720.7   1711    8113
Total:      10486 14878 4730.7  12594   27169

Percentage of the requests served within a certain time (ms)
  50%  12594
  66%  14805
  75%  14828
  80%  21609
  90%  22990
  95%  23136
  98%  27115
  99%  27125
 100%  27169 (longest request)

HTTPS with keep alive:

ab -k -n 1000 -c 250 https://IP/test.jpeg
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking IP (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        IP
Server Port:            443
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256

Document Path:          /test.jpeg
Document Length:        19558 bytes

Concurrency Level:      250
Time taken for tests:   13.565 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    1000
Total transferred:      19852150 bytes
HTML transferred:       19558000 bytes
Requests per second:    73.72 [#/sec] (mean)
Time per request:       3391.342 [ms] (mean)
Time per request:       13.565 [ms] (mean, across all concurrent requests)
Transfer rate:          1429.14 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0 1051 2562.0      0   11662
Processing:   258  903 667.8    556    2710
Waiting:      254  466 460.8    268    1840
Total:        258 1954 2982.9    565   12518

Percentage of the requests served within a certain time (ms)
  50%    565
  66%    830
  75%   1096
  80%   1361
  90%   8746
  95%   8753
  98%   9244
  99%   9595
 100%  12518 (longest request)

I can understand https can be a little bit slower than http and that should be mitigated with the keepalive but I still dont understand the big diference and why I can actually see it loading incredibly slow. I think is some misconfiguration I have done because in the order server I installed https is not that slow by far.

Other information that could be useful is:

cat mods-available/ssl.conf |grep SSLRandomSeed
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 1024

This is how I created my certificates:

openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key

This is the config for default-ssl:

<VirtualHost *:443>
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/apache.pem
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key

     DocumentRoot /var/www/
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Any ideas?

UPDATE:

Is being that slow only in chrome so far… Firefox and Safari are OK, that can definitely give a hint, I am going to investigate this.

Best Answer

You are using /dev/urandom for your random seed, so it won't be an entropy pool blocking issue.

If you notice the entire stream is slow (and not just slow to start, but slow rate) only on https, you should check whether your server is adequately provisioned. Encryption and signing can be rather CPU-intensive; check top (and your load average). If you have an unreasonably small amount of CPU or RAM this would make sense.

Also note: the certificate isn't used for the actual encryption, only for the key exchange and identity verification. A random session key is generated and used for encryption according to the capabilities and preferences negotiated between the client and server at the start of the connection. As a test, you could try putting something like disabling all but low-security ciphers in your cipherspec.

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Ssl – Apache https is slow

Related Topic