Apache SSL Reverse Proxy Very Slow Solution -

Apache SSL Reverse Proxy Very Slow Solution

This is a simple fix but not a simple problem and it still doesn't make sense to me.

But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.

It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long).  Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.

However when throwing a Proxy and Reverse Proxy with SSL in front of it, made requests take 20-30 seconds (not milliseconds but actual seconds).

I found many proposed solutions or people saying it should be that slow, but that's just not the case, yes SSL is slower but it shouldn't be this slow.  Disabling or enabling all SSL protocols also made no difference.

Solution

 

The problem was instantly solved by replacing the target server's SSL key with a 2048 bit one ( a smaller one). I think this is a big where the SSLProxyPass just can't handle the request properly when the target SSL server has a large public key.

Additional Performance Improvements


Use the "CacheEnable disk /" directive in httpd.conf


  • bash Linux how to get first or last letters of a word
  • l2tp ipsec VPN Error Sep 12 18:16:25 vps pluto[7299]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.5.6.2 port 20640, complainant 192.5.6.2: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated
  • Centos 5.9 Working Vault Repo file
  • Disable SSH Password Authentication to Increase Security and Harden SSH Linux Unix Server Ubuntu Mint Centos Debian
  • ecryptfs how to mount or recover from a backup
  • Linux bash script to see what connected computers respond to ping
  • rsync specify alternate port non-standard port than 22
  • Centos 6.6/6.9 KVM VM Kernel Panic On Boot - Kernel panic - not syncing: Attempted to kill init!
  • Cannot allocate TUN/TAP dev dynamically - FreeBSD/OpenBSD OpenVPN Client error Solution
  • Linux Mint/Ubuntu/Debian apt how to downgrade a package
  • Ubuntu Linux Mint How To Exclude Stop Package from being Upgraded or Installed
  • Intel NUC Lower Power Green Computing Boxes Review/Comparison of J3160 and J3455 Models
  • How to backup entire computer Linux Mint Ubuntu with tar
  • tar how to ignore failed reads and not exit
  • kdenlive titles/text renders as white screen when using .sh script
  • [1035724.274610] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=62076478 end=62076479) time 102 us, min 894, max 899, scanline start 893, end 900 W: Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin
  • ffmpeg how to watermark and concatenate in one command
  • /usr/bin/ld: cannot find -lboost_system-mt-s /usr/bin/ld: cannot find -lboost_filesystem-mt-s /usr/bin/ld: cannot find -lboost_program_options-mt-s /usr/bin/ld: cannot find -lboost_thread-mt-s collect2: error: ld returned 1 exit status make: *** [cag
  • Wine uninstalled broken on Linux Mint
  • ffmpeg trouble concatenating similar but different files