Apache SSL Reverse Proxy Very Slow Solution -

Apache SSL Reverse Proxy Very Slow Solution

This is a simple fix but not a simple problem and it still doesn't make sense to me.

But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.

It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long).  Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.

However when throwing a Proxy and Reverse Proxy with SSL in front of it, made requests take 20-30 seconds (not milliseconds but actual seconds).

I found many proposed solutions or people saying it should be that slow, but that's just not the case, yes SSL is slower but it shouldn't be this slow.  Disabling or enabling all SSL protocols also made no difference.

Solution

 

The problem was instantly solved by replacing the target server's SSL key with a 2048 bit one ( a smaller one). I think this is a big where the SSLProxyPass just can't handle the request properly when the target SSL server has a large public key.

Additional Performance Improvements


Use the "CacheEnable disk /" directive in httpd.conf


  • ffmpeg how to watermark and concatenate in one command
  • /usr/bin/ld: cannot find -lboost_system-mt-s /usr/bin/ld: cannot find -lboost_filesystem-mt-s /usr/bin/ld: cannot find -lboost_program_options-mt-s /usr/bin/ld: cannot find -lboost_thread-mt-s collect2: error: ld returned 1 exit status make: *** [cag
  • Wine uninstalled broken on Linux Mint
  • ffmpeg trouble concatenating similar but different files
  • ffmpeg Unable to Use Hardware Encoding with Nvidia 3.40 Driver and GT210 card
  • Linux Mint USB Kernel Tainted and Locked Port/Dev File
  • ffmpeg Linux Mint download, compile and install howto
  • OpenVZ error : Container start failed (try to check kernel messages, e.g. "dmesg | tail") Locked by: pid 166638, cmdline vzctl start 888171
  • How to extract view contents of initramfs image gzip'd
  • Linux how to copy GPT partition table with dd
  • Centos 7 How To Change Hostname
  • Debian/Mint/Ubuntu Font Packs/Recommended To Install
  • Migrate Centos 7 from Single HDD to mdadm RAID 10 array:
  • How to change reserved blocks in Linux partition
  • Reading package lists... Done W: GPG error: http://ppa.launchpad.net trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D46F45428842CE5E
  • Centos 7 A start job is running for dev-mapper-clx2droot.device (8min 44s / no limit)
  • USB 3.0 External HDD Enclosure Seagate UAS problems - [sdd] tag#1 CDB: Write(16) 8a 00 00 00 00 01 70 04 08 68 00 00 00 08 00 00
  • Centos 7 Cudaminer Nvidia setup guide
  • USB 3.0 PCI x1 Card Review VIA VL805 on Linux Review and Experience
  • rsync run as root sudo without password