是什么导致 TLS 握手延迟?
What is causing a delay in TLS handshake?
下面是 curl --trace-time https://... 的一些输出,显示 TLS 握手中间有 0.2 秒的延迟。关于为什么会这样的任何想法?我尝试了各种密码选项,但它仍然存在。它似乎也不是外部因素(如 DNS 查找)的结果。
13:48:11.168371 * Connected to maas.its.iastate.edu (10.24.107.84) port 443 (#0)
13:48:11.168721 * SSLv3, TLS handshake, Client hello (1):
13:48:11.168761 } [data not shown]
13:48:11.183236 * SSLv3, TLS handshake, Server hello (2):
13:48:11.183348 { [data not shown]
13:48:11.183894 * SSLv3, TLS handshake, CERT (11):
13:48:11.183938 { [data not shown]
13:48:11.375841 * SSLv3, TLS handshake, Server finished (14):
13:48:11.375898 { [data not shown]
13:48:11.376106 * SSLv3, TLS handshake, Client key exchange (16):
13:48:11.376142 } [data not shown]
13:48:11.376203 * SSLv3, TLS change cipher, Client hello (1):
13:48:11.376240 } [data not shown]
13:48:11.376334 * SSLv3, TLS handshake, Finished (20):
13:48:11.376369 } [data not shown]
13:48:11.392527 * SSLv3, TLS change cipher, Client hello (1):
13:48:11.392585 { [data not shown]
13:48:11.392677 * SSLv3, TLS handshake, Finished (20):
13:48:11.392715 { [data not shown]
13:48:11.392788 * SSL connection using RC4-SHA
13:48:11.392825 * Server certificate: [cert details not shown]
13:48:11.393077 * SSL certificate verify ok.
13:48:11.393146 > GET /maas/example HTTP/1.1
13:48:11.409146 { [data not shown]
13:48:11.409438 * Closing connection #0
这可能是由于证书链过大以及 TCP 启动缓慢所致。有关详细信息,请参阅 。
运行 它在 strace 下并使用 -tt 选项:
http://linux.die.net/man/1/strace
像这样:
strace -o /output/file -f -tt curl ...
输出将向您显示挂起的位置 - 至少在系统调用挂起的确切级别上。
下面是 curl --trace-time https://... 的一些输出,显示 TLS 握手中间有 0.2 秒的延迟。关于为什么会这样的任何想法?我尝试了各种密码选项,但它仍然存在。它似乎也不是外部因素(如 DNS 查找)的结果。
13:48:11.168371 * Connected to maas.its.iastate.edu (10.24.107.84) port 443 (#0)
13:48:11.168721 * SSLv3, TLS handshake, Client hello (1):
13:48:11.168761 } [data not shown]
13:48:11.183236 * SSLv3, TLS handshake, Server hello (2):
13:48:11.183348 { [data not shown]
13:48:11.183894 * SSLv3, TLS handshake, CERT (11):
13:48:11.183938 { [data not shown]
13:48:11.375841 * SSLv3, TLS handshake, Server finished (14):
13:48:11.375898 { [data not shown]
13:48:11.376106 * SSLv3, TLS handshake, Client key exchange (16):
13:48:11.376142 } [data not shown]
13:48:11.376203 * SSLv3, TLS change cipher, Client hello (1):
13:48:11.376240 } [data not shown]
13:48:11.376334 * SSLv3, TLS handshake, Finished (20):
13:48:11.376369 } [data not shown]
13:48:11.392527 * SSLv3, TLS change cipher, Client hello (1):
13:48:11.392585 { [data not shown]
13:48:11.392677 * SSLv3, TLS handshake, Finished (20):
13:48:11.392715 { [data not shown]
13:48:11.392788 * SSL connection using RC4-SHA
13:48:11.392825 * Server certificate: [cert details not shown]
13:48:11.393077 * SSL certificate verify ok.
13:48:11.393146 > GET /maas/example HTTP/1.1
13:48:11.409146 { [data not shown]
13:48:11.409438 * Closing connection #0
这可能是由于证书链过大以及 TCP 启动缓慢所致。有关详细信息,请参阅 。
运行 它在 strace 下并使用 -tt 选项:
http://linux.die.net/man/1/strace
像这样:
strace -o /output/file -f -tt curl ...
输出将向您显示挂起的位置 - 至少在系统调用挂起的确切级别上。