The problem was so bizarre that for a moment I suspected I was witnessing a man-in-the-middle attack using valid certificates. Google and DuckDuckGo, but not all HTTPS websites, were taking up to 20 seconds to load. The delay occurred in all browsers, and according to Chromium's developer tools, it was occurring in the SSL (aka TLS) handshake.

… to see Google taking several seconds to complete the TLS handshake. … to squeeze every last drop of performance out of TLS, and uses the highly efficient elliptic curve Diffie-Hellman key exchange. It was comical to compare that to my own HTTPS server, which was handshaking in a fraction of a second, despite using stock OpenSSL and the more expensive discrete log Diffie-Hellman key exchange.

Not yet willing to conclude that it was a targeted man-in-the-middle attack that was affecting performance, I looked for alternative explanations. Instinctively, I thought this had the whiff of a DNS … There was always a brief period during which all handshakes were fast, even if I restarted … This suggested to me that once a DNS record was cached, everything was fast until the cache entry expired.

Since I run my own recursive DNS server locally, this hypothesis was easy to test by flushing my DNS cache. I found that flushing the DNS cache would consistently cause the next TLS handshake to be slow.