SSL Configuration slow down the web server

All
1 February 2013, 09:11
Hello Hugo,

I am trying to use an SSL certificate. I generated the certificate as you mentioned on https://www.hiawatha-webserver.org/howto/bindings. But when I start the server it slows down extremely. It cannot load the page for many seconds. I checked the serverkey.pem; its format seems OK. Before this SSL configuration it was working well. Here is part of my configuration file:
Binding {
BindingID = port4545
Port=4545
Interface = 0.0.0.0
MaxRequestSize = 1200
TimeforRequest = 50
SSLcertFile = ../etc/serverkey.pem
}

VirtualHost {
Hostname = 0.0.0.0
WebsiteRoot = ../srv/var/www
RequireSSL=yes
}

I don't have too much knowledge about this issue. Can you help me, please?
Thanks.


Hiawatha version: 8.7
Operating System: Suse 10.1
Hugo Leisink
1 February 2013, 09:14
Why use port 4545?? What URL are you using in your browser to connect?
All
1 February 2013, 09:23
No reason, it is randomly chosen. I have used this port for a long time and the server was OK until I configured it for SSL. I use https://myipaddress:3802.
All
1 February 2013, 09:24
Sorry, I wrote the wrong port; it is 4545.
Hugo Leisink
1 February 2013, 09:34
If you request a single image from your website, does that work fast?
All
1 February 2013, 10:03
Actually no. I took off the JavaScript and style files also, but it is still slow from the first SSL warning page.
Hugo Leisink
1 February 2013, 12:00
Hmmm... then I have no idea.
RaGe10940
1 February 2013, 12:31
This might not do anything, but what size is your RSA key file? Like when you created how many bits did you make it?
RaGe10940
1 February 2013, 12:32
Reason I ask is that I am not experiencing this issue, and my server only deals SSL content. So maybe I can help or try to push you in the right direction.
All
1 February 2013, 12:39
It is about 3KB.
Hugo Leisink
1 February 2013, 13:04
He meant the size of the RSA key itself, not the file it is in. Use this command to get the key size:
openssl x509 -in <file.pem> -noout -text | grep 'RSA Public Key'

It's probably 1024 or 2048 in size.
All
1 February 2013, 13:43
Sorry for the misunderstanding. It is 2048. I suspected the size of it and generated 1024 bits. But nothing changes.
RaGe10940
1 February 2013, 13:46
Yep, the actual amount of characters the key holds. Sorry for not being explicit. When I was doing my SSL stuff, I tried a lot of things. I am currently at 4096 in size; I tried 16K and 8K and neither worked. But in your situation SSL is working but not "smooth". Have you tried:

To redo your SSL cert?
Reinstall OpenSSL?
Reinstall Hiawatha?
What browsers?
How long is your RSA key? (Use Hugo's command he just posted.)
Is your content static or dynamic (that you are working with on the server)
Did you properly install the php (if it is dynamic and I assume you are working with php) correctly?
Are you using php-fpm?
Is your php-fpm set up correctly?

I highly doubt (but then again this is from my experience) that Hiawatha is the issue. I have a dynamic application that will be holding 1000's of records per table (I'm at around 300 as I am testing). I'm joining, doing sub queries, you name it; Hiawatha is eating this all up and still wanting more.
All
1 February 2013, 14:23
I reinstalled them both and generated the cert again before. I tried with the latest versions of Firefox and Chrome. I could not use Hugo's command; it gives an error like "Error opening Certificate -text". I will look at it later. I use cgi c.
Does Hiawatha do handshaking for every packet? Because I saw in Wireshark "hello client" "hello server" per each packet. Maybe it slows down my PC.
All
1 February 2013, 14:29
And I tried to load a nearly empty page without JS, CSS files etc., only basic HTML code, but it behaves the same.
RaGe10940
1 February 2013, 14:59
Well, the protocol that you are using is TCP/IP, which is a reliable connection-oriented protocol. It sends a packet to the destination, the destination sends an acknowledgement, then the receiver sends an acknowledgement to close off the port.

This is called SYN ACK.

When you say cgi c you mean the actual php5-cgi or cgi-fpm?
All
1 February 2013, 15:31
I know about TCP/IP, but thank you. I am trying to understand how SSL handshaking is made, and is it required for each packet? I saw that before sending actual data it sends hello client and gets hello server answers. I expect that handshaking should be made at the beginning and then the packages are sent. If it occurs per each data packet it increases the traffic. I am trying to understand if my PC cannot handle the traffic. I use ssi-cgi, by the way.
RaGe10940
1 February 2013, 15:39
Well, I don't have experience with SSI-CGI. On my Hiawatha I have SSL, PHP-FPM running about 50 child processes. I would look into the PHP CGI side of it first. Maybe try to use php-fpm? If php-fpm is the problem then the web pages will be smoother. I highly doubt that SSL is causing this.

What I think the problem could be is:
the php config
the hardware

or just latency issues.
Hugo Leisink
1 February 2013, 15:45
The SSL handshake is done right after TCP's SYN ACK and is valid for the duration of the connection.
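
Added example, not part of the original thread: a way to check from a capture whether the handshakes seen in Wireshark are one per TCP connection, as described above, or one per request because every request opens a new connection. It walks the TLS record layer of reassembled client-to-server streams and counts plaintext ClientHellos against application-data records. The byte streams are constructed samples, and the code assumes SSLv3 to TLS 1.2 framing with one request per application-data record.

```python
import struct
from collections import Counter

CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23  # record content types
CLIENT_HELLO = 1                                              # handshake message type

def record(content_type, payload, version=0x0303):
    """Build one TLS record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload

def summarize(stream):
    """Count ClientHellos and application-data records in one client-to-server stream."""
    counts, pos, encrypted = Counter(), 0, False
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:          # capture ended in the middle of a record
            counts["truncated"] += 1
            break
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True               # later handshake records are ciphertext
        elif ctype == HANDSHAKE and not encrypted and payload[:1] == bytes([CLIENT_HELLO]):
            counts["client_hello"] += 1
        elif ctype == APPLICATION_DATA:
            counts["app_data"] += 1
        pos += 5 + length
    return counts

def handshake_flight():
    """Constructed client side of a handshake (bodies are filler, not real messages)."""
    hello = bytes([CLIENT_HELLO]) + (40).to_bytes(3, "big") + b"\x00" * 40
    return (record(HANDSHAKE, hello)
            + record(CHANGE_CIPHER_SPEC, b"\x01")
            + record(HANDSHAKE, b"\x01" + b"\xaa" * 39))  # encrypted Finished, first byte 0x01

# Constructed streams: one keep-alive connection carrying three requests,
# and three connections that each carry a single request.
KEEP_ALIVE = [handshake_flight() + record(APPLICATION_DATA, b"\x17" * 64) * 3]
ONE_PER_REQUEST = [handshake_flight() + record(APPLICATION_DATA, b"\x17" * 64)] * 3

def hellos_per_request(connections):
    """Ratio of handshakes to requests over a list of per-connection streams."""
    totals = sum((summarize(s) for s in connections), Counter())
    return totals["client_hello"] / totals["app_data"]

if __name__ == "__main__":
    print("keep-alive:", hellos_per_request(KEEP_ALIVE))
    print("new connection per request:", hellos_per_request(ONE_PER_REQUEST))
```

A ratio near 1 means each request pays for a full handshake, which points at connections not being kept alive rather than at a handshake being repeated inside one connection.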
All
2 February 2013, 13:39
When I strace Hiawatha I saw that it gets the timer signal (no:32) and broken pipe is written, then it continues the transmission, and after a while it gets this signal again. I looked at my timer modules and saw no one uses it. Thank you very much for your help. I will use another web server to verify if it is about my PC or the server.
This topic has been closed.