Forum Discussion

Nimbostratus

Jul 02, 2014

SSL make login slow

Hi,

We're apache web server to host my application. At front we have F5 LTM 1600. Last engineer who setting this SSL is redirect on F5. On apache web server i did not find any SSL cert. It's using setting on iRule. Below is setting on iRule:

when HTTP_REQUEST {
   HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}

By doing this, we notice slowing when login to system. The support maintenance is already expired and expensive to renew to solve this issue only. When i test tcpdump, response to HTTP much faster than HTTPS. Also we test using openssl command:

openssl s_client -connect host.to.our.system.com:443

We get this error:

    New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 4585C1DC2D5EFE28197FC582D5DBCB5BC263468B1D33F5C3D3A6B13216E5D1DD
    Session-ID-ctx:
    Master-Key: 508F03208211204DABD9A691CAC300E2B3B1063F9A3E821AFB718C195FF4111D71E5503E42E6C9866248321AB61FF952
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1404266098
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

Do we need to put SSL cert on apache web server? Do we need to change to improve performance on apache2? Please advice.

Thanks.

application delivery

LTM

11 Replies

nitass
Employee
Jul 05, 2014
Verify return code: 21 (unable to verify the first certificate)

as Kevin said, it has nothing on slow login issue you are troubleshooting. the following is more information about unable to verify the first certificate.

How To Verify SSL Certificate From A Shell Prompt by Nix Craft

http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/