PHP script with a secure connection on all pages

Viewed 401 times

I developed a small system in PHP that handles the registration of résumés. It is hosted at Hostgator. On the plan I contracted I am entitled to a free Private SSL, so I requested its installation on my domain. I configured the .htaccess file to force links to open over a secure connection (https).

I noticed that loading pages and data takes longer over the secure connection. Without https, pages opened much faster. Now my question: is it worth keeping this encryption on my domain? Detail: the user must be logged in to be able to register or update his résumé. That is, all of his data is only accessed through another dashboard exclusive to the company. Does the secure connection actually slow loading down? Is there anything I can do to try to improve the speed?

  • Expand on why you want to be secure. What kind of information does it protect? etc...

  • Hello Miguel, it is a résumé system. Practically all pages are accessed through login and password.

  • If it is giving such a big speed difference, it may be a problem in your redirect setting, or a lack of caching. SSL is slower, but not so much that it gives such a big difference.

  • Hello Bacco, it was Hostgator that set up https. I noticed that it takes almost twice as long to load pages.

  • As the pages are all loaded with dynamic information, that is, from the database, wouldn't the cache "disturb" the real-time display of information a little?

  • Caching has to be done the right way and on the right things. You will not normally cache a dynamic page (unless the information has a "minimum validity"), but you will normally cache scripts and images. As for the configuration, I did not mean SSL, but your htaccess and your application.

  • Hello Dear, my htaccess is the same, it only includes the command to force opening over https. Furthermore, I did not make any other modifications in it. Taking the opportunity, is there anything specific I should consider in this file because my application runs over a secure connection?

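The asker's .htaccess is not shown, so the following is an added example of what a "force https" .htaccess for a login-protected PHP site typically needs, not the asker's file. It assumes Apache 2.4 with mod_rewrite, mod_headers and mod_expires enabled, and that Apache terminates TLS itself (if a CDN or proxy sits in front, the HTTPS test has to look at X-Forwarded-Proto instead). The point is that the redirect must be a single hop: a chain such as http -> https -> https://www costs a second round trip and a second TLS handshake on every first visit, which is exactly the kind of thing that makes "https is twice as slow" show up.

```apache
# Added example .htaccess (not the asker's file). Assumes Apache 2.4 with
# mod_rewrite, mod_headers and mod_expires, TLS terminated by Apache itself.

# 1. Force HTTPS with ONE permanent redirect straight to the final URL.
#    Matching on HTTPS != on and keeping the host and path as-is avoids a
#    second hop (http -> https -> https://www), which would add another
#    round trip and another TLS handshake to every first visit.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# 2. Once every page is on HTTPS, tell browsers to stop trying plain HTTP
#    at all, so later visits do not even pay for the redirect. Browsers
#    only honour this header over HTTPS, hence env=HTTPS. Start with a
#    short max-age and raise it once nothing still depends on plain HTTP.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=300" env=HTTPS
</IfModule>

# 3. Let browsers cache static assets for a week. Dynamic PHP pages get no
#    Expires header here, so per-user résumé pages are never served stale.
<IfModule mod_expires.c>
    ExpiresActive On
    <FilesMatch "\.(css|js|png|jpg|jpeg|gif|ico|woff2?)$">
        ExpiresDefault "access plus 7 days"
    </FilesMatch>
</IfModule>
```

Two things this file cannot do for you: the PHP session cookie should be marked Secure (and HttpOnly) in the application itself, for example with `ini_set('session.cookie_secure', '1')` before `session_start()`, so that a logged-in user's session id never travels over the plain-HTTP request that triggers the redirect; and you can confirm the redirect is one hop with `curl -sIL http://example.com/` and checking that exactly one `301` precedes the `200`.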

1 answer


You can change a lot of things to try to improve performance, but you need to have root access, or be able to modify the Apache or Nginx configuration. Since I have come to use Nginx, I will use it as the base.

1. Enable keepalive:

keepalive_timeout 100;

This will maintain/create a persistent, short-lived connection between client and server.

Long enough for the user to navigate to at least the next page. This reduces the need for handshakes; in other words, less data (from the handshake itself) is transferred for each page loaded!

2. Enable SSL session caching:

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 200m;

Once a client reconnects, Nginx will have cached the session for future requests; this will improve things by almost 100%. In this example Nginx will store up to 10MB of sessions for 200 minutes.

The nginx documentation says that "one megabyte can store about 4000 sessions". So adjust this to your needs. ;)

3. Disable SSL (and enable TLS :P)

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

This will disable SSLv2 and SSLv3; reducing the number of enabled protocols tends to improve the speed of the ones that remain. But do not expect a significant improvement from this.

Remember that SSLv2 is already considered unsafe, so turning it off is more than a performance matter!

Very old browsers (IE6) don't support TLS, but I don't think anyone cares.

4. Outsource the work

You may use third-party products such as Cloudflare, Incapsula, Sucuri and Sitelock (never used this one!), in addition to other services of the same type.

Their purpose is to serve as a CDN. They proxy the content of your website and can also do the redirect to HTTPS for you, meaning your server will not have the job of redirecting to HTTPS. :D

Client -> [Cloudflare/Incapsula/Sucuri] -> Server

That is how such services take care of delivering SSL instead of your own server. And all of this caching, on the client side, will be done by the CDN.

But my server will still have to serve SSL, so how does this help?

Simple: the CDN will not always query your server! :)

Client = request for site.com/img/one_byte.png, site.com/css/css.css...
Client -> [Cloudflare/Incapsula/Sucuri]
Client <- [Cloudflare/Incapsula/Sucuri]

Client = request for site.com/index.php
Client -> [Cloudflare/Incapsula/Sucuri] -> Server
Client <- [Cloudflare/Incapsula/Sucuri] <- Server

The CDN already has some of the files, so your server was spared 2 requests and all the trouble of processing SSL for those two requests.

In addition it is possible to "fake" SSL, though not in the literal sense. All these sites have a "Flexible SSL" service, in other words...

Client -> {HTTPS} -> [Cloudflare/Incapsula/Sucuri] -> {HTTP} -> Server
Client <- {HTTPS} <- [Cloudflare/Incapsula/Sucuri] <- {HTTP} <- Server

This is unsafe! Because half of the path will be using encryption while the other half will not! But if your goal is just to get the "padlock" in the browser, that will be enough. Although I don't consider this an ethical solution.

The use of "Flexible SSL" without actually harming security comes down to distributing images, CSS, JS and static content. Data of this kind, in my opinion, carry "nothing of value". Therefore on my websites such folders/domains use Flexible, while the rest (e.g. login.php) uses "Full SSL"; in addition such content is cached by the CDN itself, so I do not believe it is a security problem.

Cloudflare and Incapsula offer free SSL; if you enable SSL you will use the certificate generated by them. To use your own certificate (that is, the certificate you already have, instead of the one generated by them!) about 200 dollars/month must be paid at Cloudflare, 299 dollars/month at Incapsula, or about 30 dollars/month at Sucuri. I have no link with the sites or services mentioned here; I have only used them all. Prices can change, so check the current price, as well as the features provided by each plan.
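The answer gives its four tuning points as separate one-line fragments. The following is an added example, not part of the answer above, that puts them together in one complete server block as a practitioner would deploy it today. Paths, host names and the PHP-FPM socket are placeholders. It assumes nginx built against OpenSSL 1.1.1 or later (needed for TLS 1.3), and it differs from the answer's protocol line on purpose: TLS 1.0 and 1.1 have since been deprecated (RFC 8996), so only 1.2 and 1.3 are enabled. If a CDN is put in front as in point 4, use its strict "full" mode so the origin hop stays encrypted; this block is then what the CDN talks to.

```nginx
# Added example (not the answer's own config). Placeholder paths and names.
# Assumes nginx with OpenSSL >= 1.1.1 and PHP-FPM on the socket shown.

# Plain-HTTP listener: its only job is a single 301 to the HTTPS URL,
# so no double redirect and no PHP execution ever happens over HTTP.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/certs/example.com.fullchain.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    # Point 3: protocols. The answer's "TLSv1 TLSv1.1 TLSv1.2" dropped SSLv2/3;
    # TLS 1.0/1.1 are now deprecated too (RFC 8996), so only 1.2 and 1.3 stay.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Point 2: session cache. A resumed session skips the full handshake.
    # 10 MB holds roughly 40,000 sessions at ~4000 per MB (from the nginx docs).
    # Tickets are off so that resumption keys are not kept in memory for the
    # lifetime of the worker without rotation; the shared cache alone suffices.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # OCSP stapling: the browser gets the revocation status in the handshake
    # instead of making its own round trip to the CA, another hidden delay.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/certs/example.com.chain.crt;

    # Point 1: keep-alive. One TLS connection carries the page and its assets;
    # 65 s is enough for the user to click through to the next page.
    keepalive_timeout 65;
    keepalive_requests 1000;

    # HSTS: once everything is on HTTPS, browsers stop trying HTTP at all.
    # Short max-age to start; raise it when nothing still depends on HTTP.
    add_header Strict-Transport-Security "max-age=300" always;

    root  /var/www/curriculos/public;
    index index.php;

    # Static assets may be cached by the browser; "expires" sets the
    # Cache-Control/Expires headers without touching add_header.
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|woff2?)$ {
        expires 7d;
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Per-user résumé pages must never be kept by a shared cache.
        add_header Cache-Control "no-store" always;
        # nginx gotcha: any add_header in a location REPLACES the inherited
        # server-level ones, so HSTS has to be repeated here or it vanishes
        # on exactly the pages that matter.
        add_header Strict-Transport-Security "max-age=300" always;
    }
}
```

To confirm point 2 is actually working after a reload, `openssl s_client -connect example.com:443 -reconnect` reconnects five times and reports `Reused, TLSv1.2` (or a resumed TLS 1.3 session) on the later connections; if every line says `New`, the session cache is not being hit and the page is paying a full handshake on every request, which is the "twice as slow" symptom from the question.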
