roc · November 20, 2014 16:08
diff --git a/Ilya Grigorik - Is TLS fast yet? b/Ilya Grigorik - Is TLS fast yet?
 Is TLS fast yet?
 ----------------

 - Ilya Grigorik
 - Google



               .-~*~--,.   .-.
       .-~-. ./OOOOOOOOO\.'OOO`9~~-.
     .`OOOOOO.OOM.OLSONOOOOO@@OOOOOO\
    /OOOO@@@OO@@@OO@@@OOO@@@@@@@@OOOO`.
    |OO@@@WWWW@@@@OOWWW@WWWW@@@@@@@OOOO).
  .-'OO@@@@WW@@@W@WWWWWWWWOOWW@@@@@OOOOOO}
 /OOO@@O@@@@W@@@@@OOWWWWWOOWOO@@@OOO@@@OO|
 lOOO@@@OO@@@WWWWWWW\OWWWO\WWWOOOOOO@@@O.'
 \OOO@@@OOO@@@@@@OOW\     \WWWW@@@@@@@O'.
  `,OO@@@OOOOOOOOOOWW\     \WWWW@@@@@@OOO)
   \,O@@@@@OOOOOOWWWWW\     \WW@@@@@OOOO.'
     `~c~8~@@@@WWW@@W\       \WOO|\UO-~'
          (OWWWWWW@/\W\    ___\WO)
            `~-~''     \   \WW=*'
                      __\   \
                      \      \
                       \    __\
                        \  \
                         \ \
                          \ \
                           \\
                            \\
                             \
                              \


 First!

 Get the basics right - upgrade kernal to 3.6+
 ---------

 Computational costs

 Asymmetric
 Tip – do fewer handshakes!

 # upgrade
 $ openssl version

 # run benchmarks
 $ openssl speed sha ecdh

 Doug Beaver facebook and Adam Langley and Jac

 Most requests do not require a full handshake.

 --- Don't open too many



 Keepalives: reuse the same connection, always
 Reuse negotiatied parameters for the symmetric cipher

 - removes a single roundtrip

 TLS Resumption
 - Session identifiers (older)
    - require a shared cache
    - sessions must be expired
 - Session tickets (newer)
    - server encrypts parameters
    - server sets opaque ticket to client
    - client sends opaque ticket on reconnect
    - server decrypts ticket on reconnect
 - GOTCHA Perfect Forward Secrecy
 - imperialviolet.org - perfect forward secrecy


 $ openssl s_client -connect example.com:443 -tls1 -tlsextdebug -status

 Set ssl ticket timeout to 1day, not 300s

 Optimize

 - Run wireshark trace on your site
 - check your RTT length with TLS handshake, should be only the length of your RTT
 - TLS False Start
    - opt in feature
    - chrome/ff
        - npn/alpn support required
        - ECDHE
    - Forward secrecy ciphersuite (safari)

 Common perf pitfalls

 - Large TLS records
 - No intermeidary cert
    - no need to include the root, just pass the intermediary
 - wrong servr! redirect to new load balanced server
 - Valid cert?
    - OSCP stapling - http://en.wikipedia.org/wiki/OCSP_stapling
    - Doesn't require client lookups, does not pause navigation

 $ openssl s_client -connect example.com:443 -tls1 -tlsextdebug -status
 --> look at status of cert

 Strict-Transport-Security max-age=10886400; includeSubDomains

 - Auto rewrites to https, so does not incur first redirect
 - Add your site to the HSTS preload list
    - hstspreload.appspot.com
    - Also has some guides

 TLS records and latency gotchas
    - TLS allows up to 16kb records
    - New connection plus 16KB record = CWND (congestion window) overflow and additional RTT

 - Make record size smaller
    - Implement dynamic record sizing
    - after ~1mb is sent, switch to 16K records
    - After ~1s inactivity, reset to 1400 byte records
    - Apache doesn't allow you to configure this

 - Do you support False Start
    - Enable ALPN/NPN

 CDNs are not just for static content
    - Edge termination near the origin!

 ATS (Apache Traffic Server) and NGINX best for servers
 Fastly doesn't support some key features

 isTLSfastyet.com

 HTTPS can be faster with SPDY enabled
    - multiplexing
    - prioritization
    - header compression

 Start investigating HTTP/2
 - Enable

 bit.ly/1A2HVEX

 @igrigorik
	Is TLS fast yet?
	----------------

	- Ilya Grigorik
	- Google



	.-~*~--,. .-.
	.-~-. ./OOOOOOOOO\.'OOO`9~~-.
	.`OOOOOO.OOM.OLSONOOOOO@@OOOOOO\
	/OOOO@@@OO@@@OO@@@OOO@@@@@@@@OOOO`.
	\|OO@@@WWWW@@@@OOWWW@WWWW@@@@@@@OOOO).
	.-'OO@@@@WW@@@W@WWWWWWWWOOWW@@@@@OOOOOO}
	/OOO@@O@@@@W@@@@@OOWWWWWOOWOO@@@OOO@@@OO\|
	lOOO@@@OO@@@WWWWWWW\OWWWO\WWWOOOOOO@@@O.'
	\OOO@@@OOO@@@@@@OOW\ \WWWW@@@@@@@O'.
	`,OO@@@OOOOOOOOOOWW\ \WWWW@@@@@@OOO)
	\,O@@@@@OOOOOOWWWWW\ \WW@@@@@OOOO.'
	`~c~8~@@@@WWW@@W\ \WOO\|\UO-~'
	(OWWWWWW@/\W\ ___\WO)
	`~-~'' \ \WW=*'
	__\ \
	\ \
	\ __\
	\ \
	\ \
	\ \
	\\
	\\
	\
	\


	First!

	Get the basics right - upgrade kernal to 3.6+
	---------

	Computational costs

	Asymmetric
	Tip – do fewer handshakes!

	# upgrade
	$ openssl version

	# run benchmarks
	$ openssl speed sha ecdh

	Doug Beaver facebook and Adam Langley and Jac

	Most requests do not require a full handshake.

	--- Don't open too many



	Keepalives: reuse the same connection, always
	Reuse negotiatied parameters for the symmetric cipher

	- removes a single roundtrip

	TLS Resumption
	- Session identifiers (older)
	- require a shared cache
	- sessions must be expired
	- Session tickets (newer)
	- server encrypts parameters
	- server sets opaque ticket to client
	- client sends opaque ticket on reconnect
	- server decrypts ticket on reconnect
	- GOTCHA Perfect Forward Secrecy
	- imperialviolet.org - perfect forward secrecy


	$ openssl s_client -connect example.com:443 -tls1 -tlsextdebug -status

	Set ssl ticket timeout to 1day, not 300s

	Optimize

	- Run wireshark trace on your site
	- check your RTT length with TLS handshake, should be only the length of your RTT
	- TLS False Start
	- opt in feature
	- chrome/ff
	- npn/alpn support required
	- ECDHE
	- Forward secrecy ciphersuite (safari)

	Common perf pitfalls

	- Large TLS records
	- No intermeidary cert
	- no need to include the root, just pass the intermediary
	- wrong servr! redirect to new load balanced server
	- Valid cert?
	- OSCP stapling - http://en.wikipedia.org/wiki/OCSP_stapling
	- Doesn't require client lookups, does not pause navigation

	$ openssl s_client -connect example.com:443 -tls1 -tlsextdebug -status
	--> look at status of cert

	Strict-Transport-Security max-age=10886400; includeSubDomains

	- Auto rewrites to https, so does not incur first redirect
	- Add your site to the HSTS preload list
	- hstspreload.appspot.com
	- Also has some guides

	TLS records and latency gotchas
	- TLS allows up to 16kb records
	- New connection plus 16KB record = CWND (congestion window) overflow and additional RTT

	- Make record size smaller
	- Implement dynamic record sizing
	- after ~1mb is sent, switch to 16K records
	- After ~1s inactivity, reset to 1400 byte records
	- Apache doesn't allow you to configure this

	- Do you support False Start
	- Enable ALPN/NPN

	CDNs are not just for static content
	- Edge termination near the origin!

	ATS (Apache Traffic Server) and NGINX best for servers
	Fastly doesn't support some key features

	isTLSfastyet.com

	HTTPS can be faster with SPDY enabled
	- multiplexing
	- prioritization
	- header compression

	Start investigating HTTP/2
	- Enable

	bit.ly/1A2HVEX

	@igrigorik
No results found