Log InSign Up

OCSP requests

Suggest Edits

If you sometimes see OCSP requests in your waterfall charts to domains like symcb.com here's a couple things you can do to smooth out your SpeedCurve results.

By default the SpeedCurve agents don't clear the operating system certificate cache between each test. This can lead to variability in your test results as the first test on an agent will request the certs and cause the test to take longer. But subsequent tests on that same agent will already have the certs and your test result will be much faster. You can sometimes spot this behaviour as you'll see "spiky" charts in SpeedCurve where some tests are much longer than others every now and then.

OCSP stapling 

The best way to resolve the issue is to double check that your server has OCSP stapling turned on. It's recommended for best security and performance of your SSL certs. The browser will no longer have to make extra OCSP requests and they won't show up in the SpeedCurve charts.

Note that even with stapling, some browsers like Chrome will still make OCSP requests for extended validation (EV) certificates.

Clear OS certs

If you have access to synthetic scripting you can add the following script command which will force the OS cert cache to be cleared before the test. This will make sure that every test has to do the OCSP requests. This isn't ideal as all your tests will be slower. They will be more consistent thought.

speedcurve\_clearcerts 1

Clears the OS certificate caches which causes IE to do OCSP/CRL checks during SSL negotiation if the certificates are not already cached.

Blocking requests

If you're comfortable blocking any OCSP requests you can do so using a WebPageTest script and the "blockDomains" command.

    blockDomains    ocsp.godaddy.com crl.godaddy.com
    navigate    https://www.website.com/

Updated 6 months ago