Code Optimization

Interesting things about software development and code optimization

SSL Time and Rating

28. September 2019 admin Code Optimization, Learning (0)

Hello,


Today I'm going to share some experience about SSL rating, time, security, performance and why it is better to turn off the RC4 protocol.


Also I did find and would like to share two useful resources that you can use to check your SSL and Website overall performance:

https://www.dotcom-tools.com/website-speed-test.aspx to analyze your website from different world locations

https://www.ssllabs.com/ssltest/analyze.html to analyze your SSL certificate


Using that two tools I did find a few main issues: my IIS server were still using RC4 that is considered non-secure, my DNS resolving time was too long from some points of world and my SSL handshake time was not very fast.


DNS resolving time - is still an issue as it require non-server and non-application actions to be taken to resolve it :(

SSL handshake is not so easy to resolve as well but what I have noticed is that resolving RC4 did speedup overall website loading performance and increase overall security rating.


So first step I would suggest is disabling the RC4 protocol. Lets take a look how to disable it on Windows Server with IIS:

- Open the RegEdit (Win + R >> regedit) and find the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers


- Right-click on Ciphers >> New >> Key and name it RC4 40/128

Hardening_14.jpg


- Right-click on RC4 40/128 >> New >> DWORD (32-bit) Value and name the value Enabled

Hardening_15.jpg


- Double-click the created Enabled value and make sure that there is zero (0) in Value Data field then click OK

Hardening_16.jpg


- Repeat those steps and create two more keys with the names RC4 56/128 and RC4 128/128 in the Ciphers directory

Hardening_17.jpg


- Close the RegEdit


In my case it was not required to reboot my server so I hope you will see the result immediately as well using the ssllabs web-tool I mentioned before.


This will give your A Rating for your SSL website security and as I noticed it speed up your website overall loading time (including SSL time) by 1.2-1.5 times.




Hope that will help you as well and let me know if you can add some useful info in comments.


Thank you and see you :)




1vqHSTrq1GEoEF7QsL8dhmJfRMDVxhv2y