Improving TTFB with TLS 1.3 in WordPress


TTFB (Time to First Byte) is one of the hardest metrics to optimize in WordPress.

Recently I was playing around with Google Cloud infrastructure for running WordPress. While testing I noticed something. Without HTTPS I was able to achieve <200ms TTFB in most of the regions around the world. However, after enabling HTTPS, it’s only 3 or 4 regions. The TTFB increased by 100-200+ ms.

Figure: TTFB without HTTPS
Figure: TTFB with HTTPS (TLS 1.2)

So I did some research on how to improve TTFB with HTTPS enabled.

What is TLS?

TLS (Transport Layer Security) is the successor to Secure Sockets Layer (SSL). It is a protocol used to provide end-to-end encryption while transmitting data over HTTP.

Will TLS or HTTPS slow down my site?

In short, yes.

Every time you make an HTTPS request, your browser has to exchange some keys and do the handshake. It usually takes a few round trips to make this happen.

Here is the time your browser spends to connect and make an SSL connection.

Figure: SSL handshake and connection time (Pingdom)

The new TLS 1.3

TLS 1.3 is a new version of TLS, released in August 2018. The major difference from the previous version, 1.2, is the number of round trips: a full TLS 1.3 handshake completes in one round trip, where TLS 1.2 needs two.

Figure: TLS 1.2 handshake
Figure: TLS 1.3 handshake

Now let’s see how it really affects our TTFB.

Figure: TTFB with TLS 1.2
Figure: TTFB with TLS 1.3

TLS 1.3 Browser Support

TLS 1.3 was released in August 2018, so some old browsers won’t support it. It’s good to enable both TLS 1.3 and 1.2 on your server.

Figure: TLS 1.3 browser support. Source: Can I use

How to find a website’s TLS version?

Open your website and check the ‘Security’ tab in developer tools (Ctrl+Shift+I or Ctrl+Opt+J).

Figure: TLS version check

How to enable TLS 1.3 in WordPress

If you’re using premium managed hosting providers like Cloudways or Kinsta, it’s already enabled by default.

Cloudflare

If your website is behind the Cloudflare HTTP proxy, then it’s enabled by default. You can find the setting under the ‘Crypto’ tab.

Figure: TLS 1.3 in Cloudflare

Apache

TLS 1.3 is supported in Apache2 from version 2.4.36. If your Apache server version is below that, upgrade it.

You can find your current Apache version with the apache2 -v command. To upgrade Apache, run the following commands.

sudo apt-add-repository ppa:ondrej/apache2
sudo apt-get update
sudo apt-get dist-upgrade

Nginx

You must have Nginx version 1.13.0 or greater built against OpenSSL 1.1.1 or greater, and a valid SSL certificate.

In the Nginx configuration file, add TLSv1.3 to the ssl_protocols directive, like:

ssl_protocols TLSv1.2 TLSv1.3;

Full conf file

server {

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name example.com;
  root /var/www/example.com/public;

  ssl_certificate /path/to/your/certificate.crt;
  ssl_certificate_key /path/to/your/private.key;

  ssl_protocols TLSv1.2 TLSv1.3;

}

Make sure you reload Nginx so the change takes effect:

sudo systemctl reload nginx.service
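
A check you can run on the configuration before reloading, as an added example that is not part of the original post: this Python script scans Nginx configuration text for ssl_protocols directives and reports whether TLSv1.2 and TLSv1.3 are both enabled and whether anything older is still switched on. The sample configuration and the function names are constructed for illustration; the script does not follow include directives and treats every '#' as the start of a comment.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # protocols older than TLS 1.2

# Constructed sample: one server following the post's advice, one that does not.
SAMPLE_CONF = """\
server {
  listen 443 ssl http2;
  server_name example.com;
  # ssl_protocols TLSv1 TLSv1.1;
  ssl_protocols TLSv1.2 TLSv1.3;
}
server {
  listen 443 ssl;
  server_name legacy.example.com;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

def strip_comments(text):
    """Drop '#' comments so commented-out directives are not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit_ssl_protocols(conf_text):
    """Return one finding per ssl_protocols directive found in conf_text."""
    clean = strip_comments(conf_text)
    findings = []
    # \b keeps proxy_ssl_protocols and similar upstream directives out of the match.
    for m in re.finditer(r"\bssl_protocols\s+([^;]+);", clean):
        protocols = m.group(1).split()
        findings.append({
            "line": clean.count("\n", 0, m.start()) + 1,
            "protocols": protocols,
            "tls13": "TLSv1.3" in protocols,
            "tls12": "TLSv1.2" in protocols,
            "legacy": sorted(LEGACY.intersection(protocols)),
        })
    return findings

def verdict(finding):
    """Summarise a finding against the post's advice: TLS 1.2 and 1.3 both on."""
    if finding["legacy"]:
        return "FAIL: legacy protocols enabled: " + " ".join(finding["legacy"])
    if not finding["tls13"]:
        return "WARN: TLSv1.3 not enabled"
    if not finding["tls12"]:
        return "WARN: TLSv1.2 not enabled, older browsers cannot connect"
    return "OK"

if __name__ == "__main__":
    for f in audit_ssl_protocols(SAMPLE_CONF):
        print(f"line {f['line']}: {' '.join(f['protocols'])} -> {verdict(f)}")
```

To audit a real file, pass its contents to audit_ssl_protocols() instead of SAMPLE_CONF.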

Conclusion

It’s a small tweak, but enabling TLS v1.3 helps to improve TTFB a lot, as well as security. Make sure your CDN also supports TLS 1.3.

Comment below if you’ve any queries or feedback. I read and reply back to each of them within 12 hours!
