jnroil.blogg.se - Script to test tls 1.2

The first step in this process is being able to collect data about the connection timings. The rest of this blog post goes into how I did this, what was involved and what were the results. And does IPv4 vs IPv6 have any effect on the results (IPv6 is enabled for GOV.UK). So after reading Chendo’s blog post TLS 1.3 performance compared to TLS 1.2, it got me thinking: how could I replicate these tests for GOV.UK and verify (purely for my own sake) that TLS 1.3 does in fact offer a web performance improvement for our users. I’d guess if we were capturing Real User Monitoring (RUM) data over the same time period, we would have most likely have spotted it. But these results are only from synthetic testing on a limited set of devices and connections, so that’s probably why. I thought it may be related to TLS session resumption, but WebPageTest gives details about this in a pages HTML ‘Raw Details’ tab, and they are all "tls_resumed": "False". Improved security and web performance, sign me up! So when TLS 1.3 was enabled on the UK POPs for GOV.UK on 15th April, I was a little disappointed to not see anything reflected in our synthetic web performance tests in SpeedCurve, as I’d expected to see a change in the Time to First Byte (TTFB) metric.

improved performance due to a reduction in the number of round trips (RTT) to establish a secure connection.

improved security by removing insecure or less secure ciphers (as well as insecure features).

TLS 1.3 is the latest version of the Transport Layer Security cryptographic protocol, and it offers a number of improvements over previous versions, including: A win-win all round! So assuming you are using a modern browser (and aren’t stuck behind a proxy that forces a TLS downgrade), you should see something like this when you next visit GOV.UK: I believe with this upgrade it also paves the way for enabling HTTP/3 & QUIC in the future, which should improve performance on connections that suffer from high packet loss (e.g. This includes a new h2o TLS architecture, which was required for enabling TLS 1.3.

Fastly have been gradually rolling out a whole set of improvements to the cache nodes in their POPs. Earlier in the year we enabled Transport Layer Security (TLS) 1.3 on the Fastly point of presence (POPs) for GOV.UK.