SSL False Start in Chrome Reduces Latency of an SSL Handshake by 30 Percent

Google implemented SSL False Start in Chrome 9, a client-side-only change that removes one round trip from the SSL handshake. Google says that the results are stunning, yielding a significant decrease in overall SSL connection setup times. SSL False Start reduces the latency of an SSL handshake by 30%.

"Our biggest concern with implementing SSL False Start was backward compatibility. Although nothing in the SSL specification (also known as TLS) explicitly prohibits FalseStart, there was no easy way to know whether it would work with all sites. Speed is great, but if it breaks user experience for even a small fraction of users, the optimization is non-deployable.

"To answer this question, we compiled a list of all known https websites from the Google index, and tested SSL FalseStart with all of them. The result of that test was encouraging: 94.6% succeeded, 5% timed out, and 0.4% failed. The sites that timed out were verified to be sites that are no longer running, so we could ignore them," Google stated.

"To investigate the failing sites, we implemented a more robust check to understand how the failures occurred. We disregarded those sites that failed due to certificate failures or problems unrelated to FalseStart. Finally, we discovered that the sites which didn't support FalseStart were using only a handful of SSL vendors. We reported the problem to the vendors, and most have fixed it already, while the others have fixes in progress. The result is that today, we've a manageable, small list of domains where SSL FalseStart doesn't work, and we've added them to a list within Chrome where we simply won't use FalseStart. This list is public and posted in the chromium source code. We're actively working to shrink the list and ultimately remove it," Google said.

Reference: SSL False Start

[Source: Chromium blog]