From:  Gervase Markham <>
Date:  30 Nov 2012 18:14:15 Hong Kong Time

Re: SSL telemetry very early grain of salt edition


On 29/11/12 16:23, Patrick McManus wrote:
> We use SSL3 instead of TLS in handshakes 1.13% of the time.  That's more
> than I hoped, but less than brian feared :)

As in, 98.87% of the time we use TLS? We only support 1.0 at the moment, 

> 1.7% of OCSP queries fail to generate an OCSP response.

Can we get info on which responders are performing poorly, or is that 
not included for privacy or size reasons?

> OCSP responses take a median 310ms to complete.

That is pretty darn terrible.

> The "Time to Ready" metric for a new connection using ssl (which would
> include the TCP handshake and SSL handhake which may or may not be resumed
> or require OCSP), has a median around 400ms. Plaintext HTTP has a
> time-to-ready around 110ms.

Is it a coincidence that the difference between these two figures is 
very close to the above-mentioned 310ms?

No wonder Chrome switched it off...