Google Chrome's SSL False Start

By on May 19th, 2011 09:30 GMT

Way back in Google Chrome 9, which means late last year, Google introduced SSL False Start, a method of speeding up SSL handshakes enabling websites that use the secured protocol to load faster and removing some of the overhead of using an encrypted connection.

SSL False Start is more or less a hack, Chrome simply skips a, mostly unnecessary, step and requests that the server start sending the actual web page data faster than a browser regularly would.

While this is not how the handshake would normally occur, there's nothing in the SSL protocol specifications preventing Chrome from doing this. In fact, most websites work perfectly well when Chrome uses SSL False Start.

However, most websites is not the same as all websites and any feature that breaks even a handful of websites is a no-go.

When Google started thinking about SSL False Start, it set out to test whether the feature worked in the wild.

"We compiled a list of all known https websites from the Google index, and tested SSL FalseStart with all of them. The result of that test was encouraging: 94.6% succeeded, 5% timed out, and 0.4% failed. The sites that timed out were verified to be sites that are no longer running, so we could ignore them," Mike Belshe, Software Engineer at Google, wrote.

But 0.4 percent of all websites known to the Google index is quite a lot of websites. The engineers further investigated the problem and determined that many of the sites were using several SSL certificate providers. It reached out to those providers and most of them have fixed or are fixing the issue.

However, there still are some sites that won't work with SSL False Start, which is why Chrome maintains a built-in blacklist for which the feature is not enabled. Google is working on eventually making SSL False Start work everywhere, eliminating the need for this blacklist.

The news is encouraging, but none of this would be necessary in the first place if SSL False Start didn't provide a measurable performance improvement.

"We implemented SSL False Start in Chrome 9, and the results are stunning, yielding a significant decrease in overall SSL connection setup times. SSL False Start reduces the latency of a SSL handshake by 30%1. That is a big number. And reducing the cost of a SSL handshake is critical as more and more content providers move to SSL," Belshe explained.

Indeed, as more and more major websites, Google included, move towards using SSL connections for all of their products all of the time, reducing the overhead is hugely important.
SSL handshake latency with SSL False Start enabled in Google Chrome
   SSL handshake latency with SSL False Start enabled in Google Chrome
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

2 Comments