Make your website faster

I noticed when visiting https://f-droid.org that it was really slow and every connection took multiple seconds just to establish. I could even see “Doing TLS handshake…” in the status bar of my browser, which should not be visible as it should be too fast to notice.

So I did a scan with SSLLabs, where I also saw that one server could not be scanned at all. (“Unable to connect to the server” – 5.196.66.24 quash.acge.com)

See https://www.ssllabs.com/ssltest/analyze.html?d=f-droid.org&s=107.150.51.2

So first thing, you include the root certificate in the cert chain you send through the wire. This is completely unnecessary as it is built into browsers.

Enabling OCSP stapling would be another thing, where you can gain speed (at least for Firefox, which still checks OCSP when not stapled).

The final and probably best thing you should do is to enable/use HTTP/2, which comes with an enormous speed gain.

BTW the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA can be removed as nobody supports it and 3DES is, as it says, “weak”. Even Android 2.3.7 supports a more recent cipher, so you should not have compatibility problems.

1 Like

Thanks for the suggestions. We have a ticket for this in our admin issue tracker, and I’ve copied your comments there.

2 Likes