如何修复服务器证书验证缓慢

Question

我想从https服务器下载文件，但是速度很慢。在我的Linux构建机器上，获取文本文件需要花费几毫秒。在我的嵌入式计算机上，大约需要8秒钟。我想调试这个问题，但不知道要开始。

由于依赖关系，当前我无法更新到> 7.35的curl版本。 我的嵌入式计算机上的当前版本： curl 7.35.0（arm-poky-linux-gnueabi）libcurl / 7.35.0 GnuTLS / 2.12.23 zlib / 1.2.8

curl --trace-time -v https://www.__NAME__/test
15:34:26.140067 * Hostname was NOT found in DNS cache
15:34:26.150517 *   Trying xxx.xxx.xxx.xxx...
15:34:26.160614 * Connected to www.__NAME__ (xxx.xxx.xxx.xxx) port 443 (#0)
15:34:26.631358 * found 140 certificates in /etc/ssl/certs/ca-certificates.crt
15:34:35.321226 *        server certificate verification OK
15:34:35.331097 *        common name: __NAME__ (matched)
15:34:35.334841 *        server certificate expiration date OK
15:34:35.338357 *        server certificate activation date OK
15:34:35.348167 *        certificate public key: RSA
15:34:35.349381 *        certificate version: #3
15:34:35.350388 *        subject: CN=__NAME__
15:34:35.351593 *        start date: Sun, 07 Jul 2019 10:55:27 GMT

15:34:35.357564 *        expire date: Sat, 05 Oct 2019 10:55:27 GMT

15:34:35.358888 *        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
15:34:35.360188 *        compression: NULL
15:34:35.361210 *        cipher: AES-256-CBC
15:34:35.362170 *        MAC: SHA256
15:34:35.363490 > GET 

问题似乎出在“找到140个证书”和“服务器证书验证”之间

但是我不知道可能是什么问题。 欢迎对正在发生的事情或如何进行进一步调试提出任何想法。

在我运行良好的构建机器上跟踪： curl 7.35.0（x86_64-pc-linux-gnu）libcurl / 7.35.0 OpenSSL / 1.0.1f zlib / 1.2.8 libidn / 1.28 librtmp / 2.3

**curl --trace-time -v https://www.__NAME__/test
15:53:38.882696 * Hostname was NOT found in DNS cache
15:53:39.020597 *   Trying xxx.xxx.xxx.xxx...
15:53:39.028142 * Connected to www.__NAME__ (xxx.xxx.xxx.xxx) port 443 (#0)
15:53:39.029419 * successfully set certificate verify locations:
15:53:39.029474 *   CAfile: none
  CApath: /etc/ssl/certs
15:53:39.029696 * SSLv3, TLS handshake, Client hello (1):
15:53:39.046467 * SSLv3, TLS handshake, Server hello (2):
15:53:39.046983 * SSLv3, TLS handshake, CERT (11):
15:53:39.049840 * SSLv3, TLS handshake, Server key exchange (12):
15:53:39.052995 * SSLv3, TLS handshake, Server finished (14):
15:53:39.054752 * SSLv3, TLS handshake, Client key exchange (16):
15:53:39.055048 * SSLv3, TLS change cipher, Client hello (1):
15:53:39.055597 * SSLv3, TLS handshake, Finished (20):
15:53:39.063383 * SSLv3, TLS change cipher, Client hello (1):
15:53:39.063556 * SSLv3, TLS handshake, Finished (20):
15:53:39.063604 * SSL connection using ECDHE-RSA-AES256-GCM-SHA384
15:53:39.063636 * Server certificate:
15:53:39.063669 *    subject: CN=__NAME__
15:53:39.063697 *    start date: 2019-07-07 10:55:27 GMT
15:53:39.063724 *    expire date: 2019-10-05 10:55:27 GMT
15:53:39.063771 *    subjectAltName: www.__NAME__ matched
15:53:39.063804 *    issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
15:53:39.063830 *    SSL certificate verify ok.
15:53:39.064317 > GET