SSL FalseStart Performance Results (The Chromium Blog)
SSL FalseStart Performance Results (The Chromium Blog)
Over at the Chromium blog, Google is reporting on the performance of SSL FalseStart, which is implemented in the Chromium browser. SSL FalseStart takes a seemingly legal (in a protocol sense) shortcut in the SSL handshake, which leads to 30% less latency in SSL startup time. In order to roll it out, Google also needed to determine which sites didn't support the feature: "To investigate the failing sites, we implemented a more robust check to understand how the failures occurred. We disregarded those sites that failed due to certificate failures or problems unrelated to FalseStart. Finally, we discovered that the sites which didn't support FalseStart were using only a handful of SSL vendors. We reported the problem to the vendors, and most have fixed it already, while the others have fixes in progress. The result is that today, we have a manageable, small list of domains where SSL FalseStart doesn't work, and we've added them to a list within Chrome where we simply wont use FalseStart. This list is public and posted in the chromium source code. We are actively working to shrink the list and ultimately remove it.
" It seems likely that other browsers can take advantage of this work.