https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
That's on the local network. I remember a paper doing this over the internet, but couldn't find it. A similar one over the internet:
https://www.usenix.org/conference/usenixsecurity20/presentat...
But in practice it's going to be malicious JS running in your browser: https://www.schneier.com/blog/archives/2021/03/exploiting-sp...