Disappointment Over Speeding up SSL

Entrust CTO

A year and a half ago, Google started an experiment to speed up SSL by 30% by using an improvement called False Start. Our own Bruce Morton wrote about it not once but twice, and most of the world has been hopeful about the experiment. What’s not to like about a 30% speed improvement?Google_logo

Sadly, Adam Langley has said that he is declaring the experiment a failure. The problem is that it doesn’t work well on some sites, not without a fix to the SSL code on these sites. The problematic sites seems to be all protective gateways that proxy a connection from front-edge servers to ones in the back of a network. He hypothesizes that these sites are reading and writing on separate threads and that this is causing problems with False Start. They tried explicitly noting who had problems and just not doing it there, but that hasn’t panned out.

Langley believes that the fix is easy on the server end, and that the people who aren’t fixing it aren’t being obstinate, they just likely don’t have someone who is expert in their SSL code any more. They’re now limiting its use solely to sites that have implemented the Next Protocol Negotiation extension.

This is a real pity. We need more sites using SSL, and it’s always better to get SSL faster, as that means more people will use SSL.

Entrust CTO
Entrust CTO
Chief Technology Officer


Add to the Conversation