Improving TTFB with TLS 1.3 in WordPress

Security

TTFB (Time to First Byte) is one of the hardest one to optimize in WordPress.

Recently I was playing around with Google Cloud infrastructure for running WordPress. While testing I noticed something. Without HTTPS I was able to achieve <200ms TTFB in most of the regions around the world. However, after enabling HTTPS, it’s only 3 or 4 regions. The TTFB increased by 100-200+ ms.

Without HTTPS
With HTTPS

So I did some research on how to improve TTFB enabling HTTPS.

What is TLS?

TLS or Transport Layer Security is a successor of Secure Socket Layer (SSL). A protocol used to provide end-to-end encryption while transmitting data through HTTP.

Will TLS or HTTPS slow down my site?

In short, Yes.

Every time you make an HTTPS request, your browser has to exchange some keys and do the handshake. It usually takes a few round trips to make this happen.

Here is the time your browser spends to connect and make an SSL connection.

SSL Handshake and Connection Time

The new TLS 1.3

TLS 1.3 is a new version of TLS which was released in August 2018. The major difference in TLS 1.3 when compared to the previous version 1.2 is the number of round trips.

TLS 1.2
TLS 1.3

Now let’s see how it really affects our TTFB.

TLS 1.2
TLS 1.3

TLS 1.3 Browser Support

TLS 1.3 is released in August 2018. So some old browsers won’t support it. It’s good to have both TLS 1.3 and 1.2 in your server.

Source: Can I use

How to find a website’s TLS version?

Open your website and check the ‘Security’ tab in developer tools (Ctrl+Shift+I or Ctrl+Opt+J).

How to enable TLS 1.3 in WordPress

If you’re using premium managed hosting providers like Cloudways or Kinsta, it’s already enabled by default.

Cloudflare

If your website is behind Cloudflare HTTP proxy, then it’s enabled by default. You can find it under the ‘Crypto’ tab.

Apache

TLS 1.3 is now supported in Apache2 version 2.4.36. If your Apache server version is below that, better upgrade it.

You can find your current apache version by apache2 -v command. To upgrade apache run the following commands.

sudo apt-add-repository ppa:ondrej/apache2
sudo apt-get update
sudo apt-get dist-upgrade

Nginx

You must have Nginx version 1.13.0 or greater built against OpenSSL 1.1.1 or greater, and a valid SSL certificate.

In Nginx configuration file, add TLSv1.3 to the ssl_protocols directive, like:

ssl_protocols TLSv1.2 TLSv1.3;

Full conf file

server {

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name example.com;
  root /var/www/example.com/public;

  ssl_certificate /path/to/your/certificate.crt;
  ssl_certificate_key /path/to/your/private.key;

  ssl_protocols TLSv1.2 TLSv1.3;

}

Make sure you restart Nginx by:

sudo systemctl reload nginx.service

Conclusion

It’s a small tweak, but enabling TLS v1.3 helps to improve TTFB a lot, as well as security. Make sure your CDN also supports TLS 1.3.

Comment below if you’ve any queries or feedback. I read and reply to each of them within 8 hours!

Comments are closed.

You May Also Like