We're using AWS API Gateway in a single region, which users from all over the world interact with. We've not yet had a chance to do multi-region deployments so some users experience a lot of latency as they're far from the AWS region.

I've seen that TLS 1.3 is faster due to single round-trip handshake and zero round-trip follow-ups. Our server interacts with apps (not browsers) so it's not too hard to ensure all our users have TLS 1.3 support. I'm curious roughly how much it would speed up the latency of our HTTPS requests and WebSocket connections if we enforced TLS 1.3?

pir
  • What was your measurement when you tested it? – Michael Hampton Aug 04 '20 at 21:04
  • I have not yet been able to. Supporting TLS 1.3 on the server will take some effort as will testing the latency from different locations. I'd really appreciate it if someone could provide an approximate answer (e.g. the order-of-magnitude improvement) so we can evaluate whether it's worth it to do more in-depth testing. – pir Aug 04 '20 at 21:06

1 Answer

I'm curious roughly how much it would speed up the latency of our HTTPS requests and WebSocket connections if we enforced TLS 1.3?

As you already realized, it is a single round trip less than a "normal" TLS connection (i.e. full handshake without session reuse). So you can expect exactly this speedup: the time for a single round trip. Everything else is not faster with TLS 1.3, so you only see the effect with the connection establishment.

How much time a single round trip needs depends on the connectivity between client and server, i.e. is specific to your network setup.

Steffen Ullrich
  • Thanks. Do you know if the TLS handshake is done with the server in our AWS region or if AWS does the handshake closer to the end-user? – pir Aug 04 '20 at 21:36
  • @pir: My understanding is that the TLS termination (and thus the handshake) is done at the API gateway itself and thus in the region of the API gateway. – Steffen Ullrich Aug 05 '20 at 05:12
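
One way to take the measurement discussed above, as an added example that is not part of the original question or answer: it times the TCP connect (about one round trip) and a full TLS handshake pinned first to TLS 1.2 and then to TLS 1.3, so the difference can be read off per client location. The function names and the command-line hostname argument are assumptions of this example; it only produces numbers against an endpoint that offers both versions.

```python
import socket, ssl, statistics, sys, time

def pinned_context(version):
    """Client context that will negotiate exactly one TLS version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def time_handshake(host, port, version, timeout=10.0):
    """Open one fresh connection; return (tcp_connect_s, tls_handshake_s)."""
    ctx = pinned_context(version)
    t0 = time.perf_counter()
    raw = socket.create_connection((host, port), timeout=timeout)
    t1 = time.perf_counter()          # TCP connect takes about one round trip
    # A new context per call means no session cache: always a full handshake.
    with ctx.wrap_socket(raw, server_hostname=host):
        t2 = time.perf_counter()      # wrap_socket returns once the handshake is done
    return t1 - t0, t2 - t1

def summarize(samples):
    """Medians in ms, plus handshake time expressed in round trips."""
    rtt = statistics.median(s[0] for s in samples)
    hs = statistics.median(s[1] for s in samples)
    return {"rtt_ms": round(rtt * 1000, 1),
            "handshake_ms": round(hs * 1000, 1),
            "round_trips": round(hs / rtt, 2)}

def compare(host, port=443, runs=5):
    """Measure both versions against one endpoint; record errors per version."""
    results = {}
    for version in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        try:
            samples = [time_handshake(host, port, version) for _ in range(runs)]
            results[version.name] = summarize(samples)
        except (ssl.SSLError, OSError) as exc:   # e.g. version not offered by the endpoint
            results[version.name] = {"error": str(exc)}
    return results

if __name__ == "__main__":
    # Usage: python tls_rtt.py <hostname>   (the hostname is supplied by you)
    for name, stats in compare(sys.argv[1]).items():
        print(name, stats)
```

The handshake time also includes key exchange and certificate verification on both ends, so `round_trips` will sit somewhat above the whole number of network round trips.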