Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.
Problem description
After CDN is used, the access speed is slow in the private mode of the browser, but the local network speed of the client is normal.
Cause
Currently, CDN uses the latest RFC standard protocol, but the client TSL protocol is incompatible with the CDN protocol version.
Solution
The following are the steps to troubleshoot the slow access to HTTPS websites but the local network speed is normal.
- Open the browser in developer mode and identify the problematic node as the SSL connection establishment phase.
- Use Wireshark to capture packets and re-initiate a request on the client to obtain the packet capture record of the entire request process. The captured packet data is as follows. After the client returns an ACK acknowledgement packet at 16:50:29.304774, the connection card is disconnected for nearly 23 seconds, and the Change Cipher Spec data packet is initiated at 16:50:52.123301, and the messages sent after notifying the server are encrypted packets.
Note: the IP address in the upper-left corner of the figure is the IP address of a CDN node.
- It is inferred through analysis that there is a problem in the Change Clipher Spec process of the client in the SSL connection establishment phase, which is determined to be a protocol-level problem. Check the CDN configuration to determine that CDN supports TLSv1.0 to TLSv1.3, which may be due to the compatibility of the client's TSL protocol.
- Log on to the CDN console and disable TSLv1.3 for CDN. For more information about how to disable TSLv1.3, see configure TLS.
- The client reinitiates a connection test and confirms that the HTTPS website access speed is back to normal.
Application scope
- CDN
- Dynamic Route for CDN