Extra RTT on large certificates (again?)

Albert Casademont albertcasademont at gmail.com
Mon May 22 18:15:43 UTC 2017


Hi,

A few years ago a bug was reported on the extra RTT caused by large
certificates (https://trac.nginx.org/nginx/ticket/413). Doing some routine
testing I see that this behaviour is also present in at least nginx 1.12
and 1.13. Is it possible that the bug has reappeared? The threshold for the
extra RTT seems to be again at 4KB.

Attaching a Webpagetest with the tcpdump file, you can clearly see that the
server stops and waits for the extra ACK before sending the remainder of
the certificate (the long cert is just for testing, but the same happens
when sending the OCSP response if stapling is activated).

wpt: https://www.webpagetest.org/result/170522_SA_1A3B
tcpdump:
https://www.webpagetest.org/getgzip.php?test=170522_SA_1A3B&file=1.cap (use
"(ip.addr eq 192.168.10.65 and ip.addr eq 37.187.169.10) and (tcp.port eq
57109 and tcp.port eq 443)" filter in wireshark)

Thank you!
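
To check whether a server's first handshake flight crosses the 4KB mark reported in the message above, the following added example (not part of the original post or of nginx) sums the TLS handshake records in a reassembled server-to-client byte stream, such as one exported from the capture. It assumes a TLS 1.2 style unencrypted handshake and compares total record bytes to the threshold; the function names, the `THRESHOLD` constant and the zero-filled sample flights are constructed for illustration.

```python
import struct

# Handshake message types from TLS 1.2 (RFC 5246) and OCSP stapling (RFC 6066).
HS_NAMES = {2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
            14: "ServerHelloDone", 22: "CertificateStatus"}
THRESHOLD = 4096  # assumption: the roughly 4KB threshold reported in the post

def first_flight(stream: bytes):
    """Return ([(message name, bytes incl. 4-byte header)], total record bytes)."""
    handshake, pos, wire = b"", 0, 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype != 22:  # 22 = handshake record; stop at anything else
            break
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        handshake += payload  # messages may span several records
        wire += 5 + length
        pos += 5 + length
    messages, off = [], 0
    while off + 4 <= len(handshake):
        mtype = handshake[off]
        mlen = int.from_bytes(handshake[off + 1:off + 4], "big")
        if off + 4 + mlen > len(handshake):
            raise ValueError("truncated handshake message")
        messages.append((HS_NAMES.get(mtype, f"type_{mtype}"), 4 + mlen))
        off += 4 + mlen
    return messages, wire

def exceeds_threshold(stream: bytes, threshold: int = THRESHOLD) -> bool:
    return first_flight(stream)[1] > threshold

def make_record(payload: bytes) -> bytes:
    """Wrap a payload in a TLS 1.2 handshake record header (sample data helper)."""
    return struct.pack("!BHH", 22, 0x0303, len(payload)) + payload

def make_msg(mtype: int, body_len: int) -> bytes:
    """Build a handshake message with a zero-filled body (sample data helper)."""
    return bytes([mtype]) + body_len.to_bytes(3, "big") + bytes(body_len)

# Constructed sample flights (zero-filled bodies, not taken from the capture).
SMALL = make_record(make_msg(2, 80) + make_msg(11, 2500) + make_msg(12, 329) + make_msg(14, 0))
LARGE = (make_record(make_msg(2, 80)) + make_record(make_msg(11, 5200)) +
         make_record(make_msg(22, 1500) + make_msg(12, 329) + make_msg(14, 0)))

if __name__ == "__main__":
    for name, flight in (("small", SMALL), ("large", LARGE)):
        msgs, wire = first_flight(flight)
        print(name, wire, "bytes", "> 4KB" if wire > THRESHOLD else "<= 4KB", msgs)
```

The per-message sizes show whether the certificate chain or the stapled OCSP response (`CertificateStatus`) is what pushes the flight past the threshold.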