3 Replies Latest reply: Feb 22, 2012 11:44 PM by Mark Paluch RSS

how to speed up secure (https) load time

kamal_khadka Newbie

I know there is extra handshake involved while rendering secured pages compared to pages that use http protocal.

 

Our application uses richfaces 3.3.2, seam 2, and jboss. How can the https pages rendering tuned up.

 

Thanks a lot

  • 1. Re: how to speed up secure (https) load time
    Brendan Healey Master

    I think the main thing is ensuring that static resources loaded over ssl are getting cached, providing this meets your security

    requirements. I've got a filter that sets up headers for the http response such that .xhtml pages don't get cached, and static

    resources do get cached:

     

        response.setHeader("Cache-Control", "max-age=31536000, public, must-revalidate"); // only for static resources

     

    I think the inclusion of "public" is important for https. Using a good browser like chrome or firefox you can see if the resources

    are reloading from the server every time, or loading from cache. One thing that can be very confusing is that with the chrome

    browser F5 will circumvent the browser cache, it's often thought that only ctrl+F5 does this. To mimic a normal navigation click

    into the browser url window and press return.

     

    Regards,

    Brendan.

  • 2. Re: how to speed up secure (https) load time
    kamal_khadka Newbie

    Thank you for replying me. I get the idea but not sure where shall I put

     

    response.setHeader("Cache-Control", "max-age=31536000, public, must-revalidate");

     

    in my code.

  • 3. Re: how to speed up secure (https) load time
    Mark Paluch Master

    Hi Kamal,

    write a CacheHeaderFilter (take a look on Servlet Filters, http://docs.oracle.com/javaee/6/api/javax/servlet/Filter.html) and map it in your web.xml to *.gif, *.jpg, *,css and so on (to all static file extensions, which apply).

     

    An other possibility might be using Apache HTTPd with mod_spdy (very performant secure protocol, but only by Google Chrome in use).

     

    Best regards,

    Mark