I'm building a web application that will be used in some remote parts of the country, normally with pretty awful options for internet access, usually satellite-based.

Satellite internet generally has high latency; combine that with extreme weather conditions and unhelpful ISPs, and I've noticed that a fair amount of the time (25% roughly) requests to websites that use HTTPS time out before they can deliver a web page. I assume this is due to HTTPS's handshaking, and the fact that if the home page of the site uses HTTPS then generally all the loaded libraries and images also require HTTPS, so there are a bunch of HTTPS connections trying to happen at once for a page to be served.

Since the whole damn internet is moving toward HTTPS, is there a way for high latency users to be included?

Back to my web app, I definitely need it to be secure. But equally importantly it has to work over these high latency connections. I'm considering a roll-your-own encryption scheme (ugh, I know) over HTTP, giving out symmetric keys over a different channel. I'd rather not, and I'm hoping that one of you has an idea I can use instead.

James
  • 101
  • Have you tried implementing HTTP/2, so there's just one connection for everything? There's a demo at https://www.cloudflare.com/website-optimization/http2/. – ceejayoz Jul 05 '17 at 17:29
  • Did you calculate how much bandwidth is needed to display the page? Like, did you put a 3meg .jpeg in the background? I would check to optimise the site, like a mobile version – yagmoth555 Jul 05 '17 at 17:53
  • @ceejayoz No, I hadn't considered HTTP/2. Having a single connection sounds like it would help. Do you know if subsequent requests use that same connection or need to renegotiate it? – James Jul 05 '17 at 17:56
  • @yagmoth555 No, the site is currently very small, bandwidth doesn't seem to be a problem with satellite, just latency. That SSL handshake on every request for every resource is the killer. – James Jul 05 '17 at 17:58
  • If they can't open an HTTPS site, it's bad, really bad. Can you advise them to use a turbohub or similar cellular technology? (I live in QC north, and slow sat links are being migrated to such, the bandwidth is really not the same) – yagmoth555 Jul 05 '17 at 18:01
  • @yagmoth555 We've used cellular and cell boosters in the past but some of our sites are a long way from the nearest cell tower, sometimes there is just no service, other times it's unreliable. However when available the cell service doesn't have the latency problem. – James Jul 05 '17 at 18:04
  • k! too bad for a workaround, as an SSL handshake is like 4 packets, your sat provider seems problematic. – yagmoth555 Jul 05 '17 at 18:10
  • Have you tried [QUIC](https://en.wikipedia.org/wiki/QUIC)? – kasperd Jul 06 '17 at 21:54
  • @kasperd Interesting, especially about fewer round trips. I don't think I can use it though, it has to work with existing browsers, apps and servers on a range of devices. – James Jul 06 '17 at 22:19
  • @James You'd still have to fall back to ordinary HTTPS over TCP if the client or server doesn't support it. – kasperd Jul 07 '17 at 21:01

0 Answers