HTTPS on Apache is unbelievably slow in Chrome

I have seen this question many times on this site and others, but none of them gave me a working solution.

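I have an Ubuntu Server 12.04 running Apache 2.2.22. HTTP traffic runs fine, but SSL traffic is painfully slow. When loading a site I can watch the images load, whereas on the HTTP version they appear almost instantly. I ran some tests: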

HTTP:

    ab -n 1000 -c 250 http://IP/test.jpeg
    This is ApacheBench, Version 2.3 <$Revision: 655654 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/

    Benchmarking IP (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Completed 500 requests
    Completed 600 requests
    Completed 700 requests
    Completed 800 requests
    Completed 900 requests
    Completed 1000 requests
    Finished 1000 requests

    Server Software:        Apache/2.2.22
    Server Hostname:        IP
    Server Port:            80

    Document Path:          /test.jpeg
    Document Length:        19558 bytes

    Concurrency Level:      250
    Time taken for tests:   11.104 seconds
    Complete requests:      1000
    Failed requests:        0
    Write errors:           0
    Total transferred:      19842000 bytes
    HTML transferred:       19558000 bytes
    Requests per second:    90.06 [#/sec] (mean)
    Time per request:       2775.995 [ms] (mean)
    Time per request:       11.104 [ms] (mean, across all concurrent requests)
    Transfer rate:          1745.05 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:      254  549 872.4    270    3289
    Processing:   518 2046 1584.9   1250    8370
    Waiting:      258 1596 1532.1    724    7214
    Total:        779 2595 2044.1   1525   10467

    Percentage of the requests served within a certain time (ms)
      50%   1525
      66%   2192
      75%   3424
      80%   4248
      90%   6013
      95%   7175
      98%   7723
      99%  10189
     100%  10467 (longest request)

HTTPS:

    ab -n 1000 -c 250 https://IP/test.jpeg
    This is ApacheBench, Version 2.3 <$Revision: 655654 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/

    Benchmarking IP (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Completed 500 requests
    Completed 600 requests
    Completed 700 requests
    Completed 800 requests
    Completed 900 requests
    Completed 1000 requests
    Finished 1000 requests

    Server Software:        Apache/2.2.22
    Server Hostname:        IP
    Server Port:            443
    SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256

    Document Path:          /test.jpeg
    Document Length:        19558 bytes

    Concurrency Level:      250
    Time taken for tests:   62.911 seconds
    Complete requests:      1000
    Failed requests:        0
    Write errors:           0
    Total transferred:      19842000 bytes
    HTML transferred:       19558000 bytes
    Requests per second:    15.90 [#/sec] (mean)
    Time per request:       15727.734 [ms] (mean)
    Time per request:       62.911 [ms] (mean, across all concurrent requests)
    Transfer rate:          308.01 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:     1225 8408 3478.8   8733   14994
    Processing:   957 6470 3693.6   5922   13997
    Waiting:      258 2422 1720.7   1711    8113
    Total:      10486 14878 4730.7  12594   27169

    Percentage of the requests served within a certain time (ms)
      50%  12594
      66%  14805
      75%  14828
      80%  21609
      90%  22990
      95%  23136
      98%  27115
      99%  27125
     100%  27169 (longest request)

HTTPS with keep-alive:

    ab -k -n 1000 -c 250 https://IP/test.jpeg
    This is ApacheBench, Version 2.3 <$Revision: 655654 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/

    Benchmarking IP (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Completed 500 requests
    Completed 600 requests
    Completed 700 requests
    Completed 800 requests
    Completed 900 requests
    Completed 1000 requests
    Finished 1000 requests

    Server Software:        Apache/2.2.22
    Server Hostname:        IP
    Server Port:            443
    SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256

    Document Path:          /test.jpeg
    Document Length:        19558 bytes

    Concurrency Level:      250
    Time taken for tests:   13.565 seconds
    Complete requests:      1000
    Failed requests:        0
    Write errors:           0
    Keep-Alive requests:    1000
    Total transferred:      19852150 bytes
    HTML transferred:       19558000 bytes
    Requests per second:    73.72 [#/sec] (mean)
    Time per request:       3391.342 [ms] (mean)
    Time per request:       13.565 [ms] (mean, across all concurrent requests)
    Transfer rate:          1429.14 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0 1051 2562.0      0   11662
    Processing:   258  903 667.8    556    2710
    Waiting:      254  466 460.8    268    1840
    Total:        258 1954 2982.9    565   12518

    Percentage of the requests served within a certain time (ms)
      50%    565
      66%    830
      75%   1096
      80%   1361
      90%   8746
      95%   8753
      98%   9244
      99%   9595
     100%  12518 (longest request)

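I can understand that HTTPS may be a bit slower than HTTP, and that keep-alive should mitigate it, but I still don't understand this huge difference, or why I can actually see it loading so slowly. I think I have misconfigured something, because other servers where I have installed HTTPS are not that slow.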

Other information that may be useful:

    cat mods-available/ssl.conf |grep SSLRandomSeed
    SSLRandomSeed startup builtin
    SSLRandomSeed startup file:/dev/urandom 1024
    SSLRandomSeed connect builtin
    SSLRandomSeed connect file:/dev/urandom 1024

This is how I created my certificate:

    openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key

This is the default-ssl configuration:

    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

Any ideas?

Update:

So far it is only slow in Chrome… Firefox and Safari are fine. That must be a hint; I am going to investigate.

You are using /dev/urandom as your random seed, so it won't be an entropy pool blocking problem.

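If you find that the whole data stream is slow (not just slow to start, but slow throughout), you should check that your server is adequately provisioned. Encryption and signing can be fairly CPU-intensive; check top (and your load average). If you have an unreasonably small amount of CPU or RAM, this would make sense.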

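Also note: the certificate is not used for the actual encryption, only for key exchange and authentication. A random session key is generated and used for encryption, according to the capabilities and preferences negotiated between the client and the server at the start of the connection. As a test, you could try disabling all the low-security ciphers in your cipherspec.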
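An added example (not part of the original question or answer): a short Python parser for the `ab` summaries posted in the question. It compares the Connect phase across the three runs and reports the negotiated cipher suite, as a starting point for the cipherspec test suggested above. The function names and the trimmed excerpts are this example's own; the numbers are copied from the question.

```python
import re

# Excerpts of the three ab summaries in the question (values copied from the page).
RUNS = {
    "http": """
Requests per second:    90.06 [#/sec] (mean)
Connect:      254  549 872.4    270    3289
Processing:   518 2046 1584.9   1250    8370
""",
    "https": """
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256
Requests per second:    15.90 [#/sec] (mean)
Connect:     1225 8408 3478.8   8733   14994
Processing:   957 6470 3693.6   5922   13997
""",
    "https-keepalive": """
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256
Requests per second:    73.72 [#/sec] (mean)
Connect:        0 1051 2562.0      0   11662
Processing:   258  903 667.8    556    2710
""",
}

def parse_ab(text):
    """Extract throughput, phase timings and the negotiated cipher from ab output."""
    out = {"cipher": None, "pubkey_bits": None}
    m = re.search(r"^SSL/TLS Protocol:\s*([^,]+),([^,]+),(\d+),(\d+)", text, re.M)
    if m:  # fields: protocol, cipher name, server public-key bits, cipher bits
        out["cipher"], out["pubkey_bits"] = m.group(2), int(m.group(3))
    rps = re.search(r"^Requests per second:\s*([\d.]+)", text, re.M)
    out["rps"] = float(rps.group(1))
    for phase in ("Connect", "Processing"):
        row = re.search(rf"^{phase}:\s+(\d+)\s+(\d+)\s+[\d.]+\s+(\d+)\s+\d+", text, re.M)
        out[f"{phase.lower()}_mean"] = int(row.group(2))
        out[f"{phase.lower()}_median"] = int(row.group(3))
    return out

def compare(runs, baseline="http"):
    """Relate each run's mean Connect time to the plain-HTTP baseline."""
    parsed = {name: parse_ab(text) for name, text in runs.items()}
    base = parsed[baseline]["connect_mean"]
    for r in parsed.values():
        r["connect_ratio"] = round(r["connect_mean"] / base, 1)
        # DHE/EDH suites do an ephemeral Diffie-Hellman exchange on every full handshake
        r["ephemeral_dh"] = bool(r["cipher"]) and r["cipher"].startswith(("DHE-", "EDH-"))
    return parsed

if __name__ == "__main__":
    for name, r in compare(RUNS).items():
        print(f"{name:16} rps={r['rps']:6.2f} connect mean={r['connect_mean']:5d} ms "
              f"(x{r['connect_ratio']}) median={r['connect_median']:5d} ms cipher={r['cipher']}")
```

On these runs the mean Connect time without keep-alive is 15.3 times the HTTP baseline, while with keep-alive the median Connect time is 0 ms, so the cost sits in per-connection setup rather than in bulk encryption of the response.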