[users@httpd] Apache + HTTP/2 + SPDY

[Guitar Man <mo...@gmail.com>]

Hello Developers!

Someone knows if Apache Foundation is working to include the SPDY in the
new Apache version for HTTP/2?

The Apache WebServer is the most used application and everyone needs a
solution about this issue.

I am paying CPANEL with Apache, and all my website that are using
SSL/HTTPS, the SSL Negotiation is very slow.

Thanks for the opportunity for discussion.

Good day for everyone!

-- 

Att,
Andre Luis de Andrade
Music Online Records @ since 1998
E-mail: andre@ate.com.br
Project: http://www.molrecords.com
World: http://www.molbr.com
Brazil: http://www.musiconline.com.br
Company: http://www.ate.com.br
Curitiba, Paraná, Brazil
* Help to heal the world before its too late!

Re: [users@httpd] Apache + HTTP/2 + SPDY

[Igor Cicimov <ic...@gmail.com>]

On 27/05/2015 6:00 AM, "Guitar Man" <mo...@gmail.com> wrote:
>
> Hello Eric, how are you?
>
> Well, I am working with a COMODO certificate and making tests using the
WebPageTest.org. There, my website SSL Negotiation is more than 300ms,
however, another sites is working with 30-50ms. I think this difference
between values is makeing the Robots index my project slowly (Could be?)
>
> I really do not know how to improve the SSL Negotiation. I am using
Apache 2.4 + Cpanel + 8GB RAM + OpCache, and this negotiation still high.
>
> Do you have some suggestion to me in this searching for a solution?
>

Make sure you use tls1.2 with ECDHE as your primary cipher as it is faster.
Also using ocsp stapling in apache will speedup the establishing of the ssl
connections. New systems might lack entropy at the beginning but yours is
running for a year you said? Also depends on which device is being used
/dev/random vs /dev/urandom but that should be correctly set by apache.
Anyway, paste you relevant part of the ssl settings here including the
mutex, cache etc. and someone might come up with a suggestion that can help.

> My main website is: https://www.musiconline.com.br (I am turning the
OpCache ON soon).
>

OpCache will speedup serving the php pages not the ssl.

> Thanks a lot again. :) Good year!
>
> 2015-05-26 16:53 GMT-03:00 Eric Covener <co...@gmail.com>:
>
>>
>>
>> On Mon, May 25, 2015 at 4:36 PM Guitar Man <mo...@gmail.com> wrote:
>>>
>>> Hello Developers!
>>>
>>> Someone knows if Apache Foundation is working to include the SPDY in
the new Apache version for HTTP/2?
>>
>>
>> There isn't any work on SPDY or mod_spdy.  There is some third-party
development of a HTTP/2 module:
>>
>> https://github.com/icing/mod_h2
>>
>>>
>>> The Apache WebServer is the most used application and everyone needs a
solution about this issue.
>>>
>>>
>>> I am paying CPANEL with Apache, and all my website that are using
SSL/HTTPS, the SSL Negotiation is very slow.
>>
>>
>> You're hoping to solve this by opening fewer connections, but wouldn't
your n-1 subsequent connections use an abbreviated handshake anyway? Is it
really that slow? Maybe you're missing an SSL session cache or have some
other extenuating factor?
>
>
>
>
> --
>
> Att,
> Andre Luis de Andrade
> Music Online Records @ since 1998
> E-mail: andre@ate.com.br
> Project: http://www.molrecords.com
> World: http://www.molbr.com
> Brazil: http://www.musiconline.com.br
> Company: http://www.ate.com.br
> Curitiba, Paraná, Brazil
> * Help to heal the world before its too late!

Re: [users@httpd] Apache + HTTP/2 + SPDY

[Guitar Man <mo...@gmail.com>]

Hello Eric, how are you?

Well, I am working with a COMODO certificate and making tests using the
WebPageTest.org. There, my website SSL Negotiation is more than 300ms,
however, another sites is working with 30-50ms. I think this difference
between values is makeing the Robots index my project slowly (Could be?)

I really do not know how to improve the SSL Negotiation. I am using Apache
2.4 + Cpanel + 8GB RAM + OpCache, and this negotiation still high.

Do you have some suggestion to me in this searching for a solution?

My main website is: https://www.musiconline.com.br (I am turning the
OpCache ON soon).

Thanks a lot again. :) Good year!

2015-05-26 16:53 GMT-03:00 Eric Covener <co...@gmail.com>:

>
>
> On Mon, May 25, 2015 at 4:36 PM Guitar Man <mo...@gmail.com> wrote:
>
>> Hello Developers!
>>
>> Someone knows if Apache Foundation is working to include the SPDY in the
>> new Apache version for HTTP/2?
>>
>
> There isn't any work on SPDY or mod_spdy.  There is some third-party
> development of a HTTP/2 module:
>
> https://github.com/icing/mod_h2
>
>
>> The Apache WebServer is the most used application and everyone needs a
>> solution about this issue.
>>
>
>> I am paying CPANEL with Apache, and all my website that are using
>> SSL/HTTPS, the SSL Negotiation is very slow.
>>
>
> You're hoping to solve this by opening fewer connections, but wouldn't
> your n-1 subsequent connections use an abbreviated handshake anyway? Is it
> really that slow? Maybe you're missing an SSL session cache or have some
> other extenuating factor?
>
>>


-- 

Att,
Andre Luis de Andrade
Music Online Records @ since 1998
E-mail: andre@ate.com.br
Project: http://www.molrecords.com
World: http://www.molbr.com
Brazil: http://www.musiconline.com.br
Company: http://www.ate.com.br
Curitiba, Paraná, Brazil
* Help to heal the world before its too late!

Re: [users@httpd] Apache + HTTP/2 + SPDY

[Eric Covener <co...@gmail.com>]

On Mon, May 25, 2015 at 4:36 PM Guitar Man <mo...@gmail.com> wrote:

> Hello Developers!
>
> Someone knows if Apache Foundation is working to include the SPDY in the
> new Apache version for HTTP/2?
>

There isn't any work on SPDY or mod_spdy.  There is some third-party
development of a HTTP/2 module:

https://github.com/icing/mod_h2


> The Apache WebServer is the most used application and everyone needs a
> solution about this issue.
>

> I am paying CPANEL with Apache, and all my website that are using
> SSL/HTTPS, the SSL Negotiation is very slow.
>

You're hoping to solve this by opening fewer connections, but wouldn't your
n-1 subsequent connections use an abbreviated handshake anyway? Is it
really that slow? Maybe you're missing an SSL session cache or have some
other extenuating factor?

>