On 29/11/12 16:23, Patrick McManus wrote:
> We use SSL3 instead of TLS in handshakes 1.13% of the time. That's more
> than I hoped, but less than brian feared :)
As in, 98.87% of the time we use TLS? We only support 1.0 at the moment,
> 1.7% of OCSP queries fail to generate an OCSP response.
Can we get info on which responders are performing poorly, or is that
not included for privacy or size reasons?
> OCSP responses take a median 310ms to complete.
That is pretty darn terrible.
> The "Time to Ready" metric for a new connection using ssl (which would
> include the TCP handshake and SSL handhake which may or may not be resumed
> or require OCSP), has a median around 400ms. Plaintext HTTP has a
> time-to-ready around 110ms.
Is it a coincidence that the difference between these two figures is
very close to the above-mentioned 310ms?
No wonder Chrome switched it off...