[aflukasz]

And mostly if you are behind CISCO firewall during TLS Server Identity Discovery or some equivalent setup. 3 seconds mentioned in the article were coming mostly from that. From the text itself it's not clear how much gains come from sslnegotiation=direct itself (if we assume no other factors like those present in this case).

[aflukasz]

For those interested - I've checked and observed a difference of 0.2ms on average across 1000 connection attempts on localhost.

[yencabulator]

Localhost is the least interesting place to measure a roundtrip delay.

[aflukasz]

Fair point, but it's a place with some useful properties.

All the rest of the effect will depend on the specifics of your network. Observing the impact on localhost shows scale of the effect that does not come from the network (more or less) and puts a lower bound on its size one can expect in more realistic conditions.

[yencabulator]

Even without Cisco meddling, sslnegotiation=direct saves a roundtrip.