https delay between “Change Cipher Spec” and “Application Data”

Question

I am using .NET 4.5 on Windows 7 (client) to make https calls to lighttpd running on an embedded system (server).

The first https request is +-120ms slower than subsequent requests. It is normal the first request is slower because the connection is set up and the other requests re-use the existing connection.

When I look in Wireshark I see the following TLSv1 messages:

client -> server: Client Hello
server -> client: Server Hello, Certificate, Server Hello Done
client -> server: Client Key Exchange, Change Cipher Spec, Finished
server -> client: Change Cipher Spec, Finished

This setup process takes about 25ms.

Then it takes 80ms before the Windows machine sends the http request

client -> server: Http Request

Question

Why does it take the Windows machine 80ms to send out the request? Can I reduce this latency?

Note If I send requests using Qt 5.2 (which uses OpenSSL) on the same machine, the setup process takes about 55ms and the Http Request is sent within 1ms.

Answer 1

(Answering my own question)

During this time .NET validates the server certificate. The validation includes verifying the name and linking the certificate up to a system trusted root CA.

The time cannot be reduced.