On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote: > As you can see the big time difference between the two executions - which > actually involve the same application level data. The largest chunk of > time is spent waiting for handshake from *Proxy Server*. The response time > of *Proxy Server* in replying back with ServerHello, varies greatly > between 1.5 to 11 seconds across different runs. In the present case it is > nearly 3.3 seconds - which IMO is not acceptable. Is Client providing a certicate? Perhaps Proxy is spending time checking CRLs. That would involve Proxy reaching out to one or more URLs, with the attendant latencies of DNS resolution, TCP session setup, and HTTP requests. Do you have any intrumentation showing you what activity Proxy is doing between ClientHEllo and ServerHello? > Thanks, for reading through such a lengthy email. If anybody can kindly > provide his inputs, or even point me in the right direction, I shall be > highly grateful. Any other comments or suggestions are also highly > welcome. Thanks for your patience, > ? > Prabhat. > > > _______________________________________________ > openssl-users mailing list > openssl-users at openssl.org > https://mta.opensslfoundation.net/mailman/listinfo/openssl-users -- Brian Reichert <reichert at numachi.com> BSD admin/developer at large
