We're developing a cloud-based service for businesses. The component I'm in charge of is divided in three parts, a simple WEB and assets server, an API server (both written in Go) and the actual WEB application (AngularJS based). The WEB application flow is pretty straightforward, it downloads assets and source files from the web server and datas from the API server.
Until yesterday we've been using a simple Self-Signed SSL certificate and I was blaming myself because the whole application was slow, and by slow I mean very slow (I didn't though about actually measuring it but it could take ~3/4 seconds to load assets and sources and a few more to load datas).
Yesterday we managed to start using a Trusted SSL Certificate (obtained via Let'sEncrypt) and all of a sudden I noticed that the performances have dramatically improved. It now takes (measured) less than 2 seconds to be fully loaded and ready to be used.
Now, I guess the actual reason is that, with a trusted Certification Authority and a valid SSL certificate, there are less security checks to be executed by the browser and/or during TLS handshake and thus less performance degradation in all requests.
But: Am I right or partially/completely wrong? Am I missing something?
Why not use HAproxy or Nginx as reverse proxy with ssl/tls and then direct the requests to your app. Something like https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04
This way you are supporting horizontal scaling.