Forum Discussion
Ray_Dodier_1102
Nimbostratus
NimbostratusSSL connect time diffs between domains (VIPs)
I serve HTTPS content from two different domains and each domain name corresponds to a VIP. What I'm seeing is the SSL connect time from one domain is about twice that of the other domain.
N...
Ray_Dodier_1102Nimbostratus
NimbostratusMore info on this -
The tcpdump on the F5 is not showing Server Hello responses. What I see when I look at this with WireShark is [Packet size limited during capture] where I would have expected to see the Server Hello response. This truncates the SSL response that I suspect is the Server Hello.
What got me here in the first place is that we have a network appliance called a Coradiant that captures HTTP traffic. Reports from this were indicating a problem with long SSL latency times on content from one of the VIPs. I tracked this down to a filter that was excluding most of the initial data object loads from the VIP with less SSL latency. This is where the SSL connections to this VIP would be made so the Coradiant was filtering out the traffic where most of the SSL time would be incured for one of the VIPs.
Once I modified the filter to save all content a comparison showed similar SSL latency between VIPs but one VIP was still slightly slower. The SSL latency differences are now down to the fact that one of the 2 VIPs is not doing the SSL handshake as efficiently as the other, and I have no idea why this is happening.
