Slow SSL on Fedora

So, I’ve been using Fedora Core 3 (I really must upgrade to 4) and I’ve noticed that SSL – i.e. HTTPS – is really slow. Logging into eBay took something like a half hour. I consulted someone who uses FC3 as their primary operating system and his suggestion was to disable the firewall. “But…” I protested. The response was simple: “Stop being such a pussy. You’ve got a firewall in your modem.” And I do.

So I did – Applications | System Settings | Security Level got me to firewall configuration, one option of which was “forgetaboudit”. A reboot of the iptables (iptables is the Linux firewall: very sophisticated, very powerful, very fragile, requires a detailed understanding of IP protocols to use correctly) later – either by a command line entry (simple – just enter service iptables restart) or a system reboot (easy to remember, but takes a fair old time – FC boot time is longer than XP’s) – and the firewall’s behaviour was changed. Then secure logins went just as fast as straight HTTP, and it was clear that the Red Hat Firewall was the culprit.

Hours of searching the web revealed a suggestion for a change to the configuration file, which I went to implement in a restarted firewall – and it was already there. So, to make Firefox – or any other web browser – do fast SSL when it is going slow, you need to disable, then re-enable, the firewall. You can do that by picking Applications | System Settings | Security Level from the menu, disabling the firewall, opening a terminal window and entering service iptables restart, and then repeating the process but enabling the firewall this time (ensure you have web turned on).

In FC3 the default firewall install doesn’t like HTTPS. And I thought Windows was freaky. I understand that FC4 doesn’t do this crazy shit.


1 thought on “Slow SSL on Fedora”

  1. daniel

    I’m now relying on my modem’s firewall. Okay, plus XP SP2’s on one machine, but the other Win2K machine is just using the modem.
