Kurt McKee

lessons learned in production

TLSv1.3 and caching

Posted 13 December 2019 in website

I've made some additional changes to the site that should increase its performance!


Today I read about the changes in TLSv1.3, and they seem pretty excellent!

First, TLSv1.3 requires only one round-trip exchange to establish an encrypted connection. One graph shows that the average time to complete a TLS handshake drops from 85ms with TLSv1.2 down to 44ms with TLSv1.3. That's a nice improvement!

Second, TLSv1.3 offers something called "zero round-trip time resumption", or 0-RTT for short. Think of it like this: previous versions of TLS were like a phone call that required you to hang up and call the person back after each sentence. TLSv1.3 now allows you to just stay on the line and continue talking when you want to ask another question. It's genius!

TLSv1.3 is now enabled on the site.


PageSpeed and YSlow pointed out that I was serving content without any cache control, so I fixed that.

Most sites have images and stylesheets that are the same on each page, and my site is no different. If you visit my homepage and browse around, your browser will download those images and styles and store them. If the next page requires the same images and styles, your browser will ask my site for those files but will mention "I think I might have these already". And every time, my site will say "Yep, you have the latest. Just use what you have."

This conversation saves a little bandwidth, but it can be improved with cache control. I've turned on Expires headers for images and stylesheets, which preemptively tell your browser to keep using what it already has for a full year... so don't even bother asking for updates.

This is a big win for performance, and it's now implemented on my site!
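
The two conversations described above, modelled as an added example (this is not the site's own code or configuration). `server_respond`, `BrowserCache` and the sample file are hypothetical names and constructed data; the model covers only `Last-Modified` / `If-Modified-Since` revalidation and the `Expires` header.

```python
from datetime import timedelta
from email.utils import format_datetime, parsedate_to_datetime

ONE_YEAR = timedelta(days=365)

def server_respond(path, request_headers, files, now, send_expires):
    """Origin server: 304 if the client's copy is current, else 200 with the body."""
    mtime, body = files[path]  # files maps path -> (UTC mtime, bytes), constructed
    headers = {"Last-Modified": format_datetime(mtime, usegmt=True)}
    if send_expires:
        headers["Expires"] = format_datetime(now + ONE_YEAR, usegmt=True)
    since = request_headers.get("If-Modified-Since")
    if since and parsedate_to_datetime(since) >= mtime:
        return 304, headers, b""  # "Yep, you have the latest."
    return 200, headers, body

class BrowserCache:
    """Simplified browser cache (hypothetical model, not a real browser API)."""

    def __init__(self):
        self.store = {}          # path -> (response headers, body)
        self.requests_sent = 0   # how many times the network was used

    def fetch(self, path, files, now, send_expires):
        entry = self.store.get(path)
        request_headers = {}
        if entry:
            headers, body = entry
            expires = headers.get("Expires")
            if expires and parsedate_to_datetime(expires) > now:
                return "fresh-hit", body  # still fresh: no request at all
            # "I think I might have these already."
            request_headers["If-Modified-Since"] = headers["Last-Modified"]
        self.requests_sent += 1
        status, headers, body = server_respond(
            path, request_headers, files, now, send_expires)
        if status == 304:
            body = entry[1]  # keep the stored body, refresh the headers
            self.store[path] = (headers, body)
            return "revalidated", body
        self.store[path] = (headers, body)
        return "downloaded", body
```

With `Expires` set, a file that changes on the server is not picked up until the year runs out or the file is published under a new URL.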