Sam

Reputation: 15508

Popular Free SSL Adds 200% delay to an otherwise lightning fast website

This question focusses on an easy, practical (free/budget) solution to speed up the SSL connection of an already lightning fast website averaging 50ms for all elements, except for the SSL which triples the loading time.



Printscreen is from this speedtester whose results appear reproducible, therefore reliable.
It will be used to test the answer(s) below to see if they can relieve the SSL bottleneck.


Scope of this question:
i. Very fast websites on optimized servers averaging 50ms page load if not for the SSL delay.
ii. Websites where SSL adds a significant delay, doubling or even tripling total load time.
iii. Embracing practical methods to reduce the SSL delay in these situations.
iv. Aware of the comprehensive questions and answers like 1, 2, 3 and many others.


Questions:
1. What's the first step to speed up the SSL on an otherwise lightning fast website?
2. Will a paid budget SSL (e.g. Comodo EV SSL 8$/year) be any faster than a Let's Encrypt SSL?
3. Which online tools provide a detailed zoom-in into the SSL portion of a website?
4. I suspect our current Let's Encrypt key is 4096 bits (overkill for our website) but on our admin panel shared hosting it seems the 2048 bit version is removed and not available to select anymore. Is there any other way to replace and/or enforce the lighter 2048 bit Let's Encrypt key?


Thank you! Any and all practical (for the general public easy to understand) SSL analysis tools and/or speed-enhancement tips will be considered as possible answers to this question!

Upvotes: 0

Views: 122

Answers (1)

macrofox

Reputation: 96

Answers to the four questions:
1. What's the first step to speed up the SSL on an otherwise lightning fast website?

Some things to consider:

  • You don't need to protect everything on your website. Static things like images are not typically volatile so why would you send them over https?
  • The size of your key and cert will heavily influence the speed of encryption & decryption and therefore throughput/bandwidth.
  • Consider a caching solution in front of your ssl-terminated endpoint.

2. Will a paid budget SSL (e.g. Comodo EV SSL 8$/year) be any faster than a Let's Encrypt SSL?

  • Not really. The components that make up the cert are the key to performance, however... if your end-users are also doing "certificate revocation checks" of any kind, that will be different per vendor and will potentially impair site performance.

3. Which online tools provide a detailed zoom-in into the SSL portion of a website?

  • The SSL portion of a website is handled at a web-server within your network infrastructure. The best SSL visibility you can get at a website is to view the certificate downloaded by the end-user by clicking on the little lock icon on most browsers (when they connect to an SSL website). It may also give you some information about the cryptographic ciphers being used between the browser and server.

4. I suspect our current Let's Encrypt key is 4096 bits (overkill for our website) but on our admin panel shared hosting it seems the 2048 bit version is removed and not available to select anymore. Is there any other way to replace and/or enforce the lighter 2048 bit Let's Encrypt key?

  • Yes, to some degree. The key size you use is dependent upon the certificate authority you pick (Let's Encrypt for instance) and what they have available. The infrastructure where it's going (IIS, Apache, Nginx, Other...) may have some kind of restriction as well (security team mandates, etc...), but only your infrastructure team would know the certificate restrictions you have on your web-server and why they might be there.

Upvotes: 1
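
An added example, not part of the question or the answer above: a way to zoom in on the SSL portion (question 3) by timing the TCP connect, the TLS handshake and the first response byte of one connection separately, so the handshake's share can be compared before and after a change such as a smaller key. The function names `breakdown` and `measure` are hypothetical, and the timings used when no host is given are constructed.

```python
import socket
import ssl
import sys
import time


def breakdown(t0, t_tcp, t_tls, t_byte):
    """Convert four monotonic timestamps (seconds) into per-phase milliseconds."""
    def ms(a, b):
        return round((b - a) * 1000, 1)
    out = {"tcp_ms": ms(t0, t_tcp), "tls_ms": ms(t_tcp, t_tls),
           "ttfb_ms": ms(t_tls, t_byte), "total_ms": ms(t0, t_byte)}
    # Share of the total spent in the TLS handshake.
    out["tls_share"] = round(out["tls_ms"] / out["total_ms"], 2) if out["total_ms"] else 0.0
    # The TCP connect costs about one round trip, so this ratio estimates how many
    # round trips the handshake took. A full TLS 1.3 handshake needs one and a full
    # TLS 1.2 handshake two; a much larger figure points at server-side work.
    out["tls_rtts"] = round(out["tls_ms"] / out["tcp_ms"], 1) if out["tcp_ms"] else None
    return out


def measure(host, port=443, timeout=10.0):
    """Time TCP connect, TLS handshake and first response byte for one connection."""
    family, kind, proto, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    ctx = ssl.create_default_context()           # verifies the chain and host name
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    t0 = time.perf_counter()                     # DNS is already done, so it is excluded
    sock.connect(addr)
    t_tcp = time.perf_counter()
    with ctx.wrap_socket(sock, server_hostname=host) as tls:   # handshake runs here
        t_tls = time.perf_counter()
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        tls.sendall(request.encode("ascii"))
        tls.recv(1)                              # block until the first response byte
        t_byte = time.perf_counter()
        result = breakdown(t0, t_tcp, t_tls, t_byte)
        result["protocol"] = tls.version()       # e.g. "TLSv1.3"
        result["cipher"] = tls.cipher()[0]
        result["leaf_cert_bytes"] = len(tls.getpeercert(binary_form=True))
    return result


if __name__ == "__main__":
    # With a host argument: measure it. Without: show constructed sample timings.
    report = measure(sys.argv[1]) if len(sys.argv) > 1 else breakdown(0.0, 0.020, 0.080, 0.100)
    for key, value in report.items():
        print(f"{key:16} {value}")
```

Run it several times against your own host name and compare medians, since a single connection is noisy.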
