by hannob 3392 days ago
There are a couple of other things you can do with existing TLS technology that can improve your latency, e.g. using OCSP stapling, use modern crypto so browsers may use TLS false start, avoid too many ciphers or unnecessary certs in the chain to make the handshake smaller.

It's a bit older, but here's some info, much of it is still valid: https://istlsfastyet.com/


It is questionable whether OCSP stapling reduces TLS handshake time.

Without OCSP stapling, the browser makes a slow request to the CA, but caches the result for a long time, so the slow request does not happen often.

With OCSP stapling enabled, more data is transferred between client and server on each TLS handshake.

The main proponents of OCSP stapling are CAs, because it saves them bandwidth/hardware.

Thinking about this a bit, it seems that clients talking to a server with OCSP stapling support could still make use of cached OCSP responses by simply omitting the "status_request" extension in the ClientHello, which would cause the server not to send the stapled OCSP response. I don't think any clients behave that way today, though.

I'm not certain how session resumption plays into this either. If OCSP is skipped for resumed sessions as well (which would be my guess), you'd probably not take that small bandwidth hit all that often.

As an aside, OCSP stapling improves your users' privacy quite a bit as well, by not giving your CA a list of all IP addresses connecting to a domain.
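To make the "status_request" point above concrete, here is an added example (not from anyone in the thread) that builds a constructed TLS 1.2 ClientHello with and without the status_request extension (type 5, per the TLS extension registry) and parses it back to check whether the client asked for a stapled OCSP response. The builder, the parser and the sample values are my own.

```python
import struct

EXT_SERVER_NAME = 0          # server_name (SNI)
EXT_STATUS_REQUEST = 5       # status_request: "please staple an OCSP response"

# CertificateStatusRequest body: status_type ocsp(1), empty responder_id_list,
# empty request_extensions. Constructed sample, not captured traffic.
OCSP_STATUS_REQUEST = b"\x01\x00\x00\x00\x00"

def sni_extension(host):
    """ServerNameList with one host_name entry (name_type 0)."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return struct.pack("!H", len(entry)) + entry

def build_client_hello(extensions):
    """Minimal TLS 1.2 ClientHello record; `extensions` is [(type, data), ...]."""
    body = b"\x03\x03" + bytes(32)                   # client_version + random (zeros in the sample)
    body += b"\x00"                                  # empty session_id
    body += struct.pack("!H", 2) + b"\xc0\x2f"       # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    body += b"\x01\x00"                              # compression_methods: null only
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def client_hello_extensions(record):
    """Parse a ClientHello record and return {ext_type: ext_data}."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                             # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                           # session_id
    cs_len = struct.unpack_from("!H", record, pos)[0]; pos += 2 + cs_len
    pos += 1 + record[pos]                           # compression_methods
    if pos >= len(record):
        return {}                                    # no extensions block at all
    ext_len = struct.unpack_from("!H", record, pos)[0]; pos += 2
    end, exts = pos + ext_len, {}
    while pos < end:
        t, l = struct.unpack_from("!HH", record, pos); pos += 4
        exts[t] = record[pos:pos + l]; pos += l
    return exts

def requests_stapling(record):
    """True if the client sent status_request, i.e. wants the server to staple."""
    return EXT_STATUS_REQUEST in client_hello_extensions(record)

# Two constructed hellos: one asks for stapling, one omits the extension.
HELLO_WITH = build_client_hello([(EXT_SERVER_NAME, sni_extension("example.com")),
                                 (EXT_STATUS_REQUEST, OCSP_STATUS_REQUEST)])
HELLO_WITHOUT = build_client_hello([(EXT_SERVER_NAME, sni_extension("example.com"))])
```

A server that only staples when status_request is present will skip the extra bytes for the second hello, which is the behaviour the comment above describes.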