3 Replies Latest reply on Feb 22, 2012 11:44 PM by Mark Paluch

    how to speed up secure (https) load time

    kamal_khadka Newbie

      I know there is extra handshake involved while rendering secured pages compared to pages that use http protocal.


      Our application uses richfaces 3.3.2, seam 2, and jboss. How can the https pages rendering tuned up.


      Thanks a lot

        • 1. Re: how to speed up secure (https) load time
          Brendan Healey Master

          I think the main thing is ensuring that static resources loaded over ssl are getting cached, providing this meets your security

          requirements. I've got a filter that sets up headers for the http response such that .xhtml pages don't get cached, and static

          resources do get cached:


              response.setHeader("Cache-Control", "max-age=31536000, public, must-revalidate"); // only for static resources


          I think the inclusion of "public" is important for https. Using a good browser like chrome or firefox you can see if the resources

          are reloading from the server every time, or loading from cache. One thing that can be very confusing is that with the chrome

          browser F5 will circumvent the browser cache, it's often thought that only ctrl+F5 does this. To mimic a normal navigation click

          into the browser url window and press return.




          1 of 1 people found this helpful
          • 2. Re: how to speed up secure (https) load time
            kamal_khadka Newbie

            Thank you for replying me. I get the idea but not sure where shall I put


            response.setHeader("Cache-Control", "max-age=31536000, public, must-revalidate");


            in my code.

            • 3. Re: how to speed up secure (https) load time
              Mark Paluch Master

              Hi Kamal,

              write a CacheHeaderFilter (take a look on Servlet Filters, http://docs.oracle.com/javaee/6/api/javax/servlet/Filter.html) and map it in your web.xml to *.gif, *.jpg, *,css and so on (to all static file extensions, which apply).


              An other possibility might be using Apache HTTPd with mod_spdy (very performant secure protocol, but only by Google Chrome in use).


              Best regards,


              1 of 1 people found this helpful