- #1
davee123
- 672
- 4
Does anyone know the steps involved with an HTTPS transmission? Particularly with an Apache server? Is there some sort of a handshake for every call? Or is the key transmitted only once to a client browser per session? If so, what governs such a timeout, and how does the webserver identify each client? Does a browser typically validate the site's certificate on every call?
We've got a webserver that's "slow" sometimes for clients (30+ seconds), but we have no idea why. Each of our CGIs respond within 1-2 seconds of receiving a request, but we have reason to believe that "something" is delaying users initiating calls with us. We know the CGIs aren't filling up the machine they're running on, and we're told we aren't hitting the number of MaxClients for Apache. Could we be filling up the number of handshakes for Apache? Could their browser be taking too long to validate us with the Certificate Authority?
I'm honestly not even sure where to look for the slowdown, so I'm curious what the atomic steps are in the process of a typical HTTPS call.
DaveE
We've got a webserver that's "slow" sometimes for clients (30+ seconds), but we have no idea why. Each of our CGIs respond within 1-2 seconds of receiving a request, but we have reason to believe that "something" is delaying users initiating calls with us. We know the CGIs aren't filling up the machine they're running on, and we're told we aren't hitting the number of MaxClients for Apache. Could we be filling up the number of handshakes for Apache? Could their browser be taking too long to validate us with the Certificate Authority?
I'm honestly not even sure where to look for the slowdown, so I'm curious what the atomic steps are in the process of a typical HTTPS call.
DaveE