
Google FalseStart: 30% faster SSL handshake



On the Chromium blog, Google developers described their success in implementing SSL FalseStart (RFC). It is a client-side (browser) technology that requires no changes on the server side, yet speeds up the SSL handshake by 30% (the delay is measured as the time between the initial TCP SYN packet and the end of the TLS procedure).

Thanks to FalseStart, the Chrome browser has, since version 9, established SSL connections 30% faster than other browsers. Judging by the specification, the main speed gain seems to come from the fact that, provided the other conditions are met, the client starts sending data over the secure connection before the handshake has been fully acknowledged (see page 3).

After introducing this feature, the developers found that for some reason it did not work on all sites, although it fully complies with the official SSL and TLS specifications.
To investigate the problem, a list of all HTTPS sites from the Google index was compiled and FalseStart was tested against each of them. It turned out that 0.4% could not establish a secure session. Closer investigation revealed that these sites use load balancers from a limited number of vendors (for example, F5 and A10). All of them were notified by Google. Many have already fixed the problem, and the rest will do so soon. For now, the Chromium source contains a list of domains on which FalseStart is not supported; on these domains the feature is simply disabled. The list will gradually shrink and eventually disappear altogether.

Perhaps, as SSL performance improves, more sites will start to work in secure mode. As is well known, the handshake procedure currently accounts for the greatest delay in SSL.

Source: https://habr.com/ru/post/119829/

