How Qzone Boosted Mobile HTTPS Performance by Over 1 Second

Qzone’s mobile pages experienced a significant slowdown after migrating to HTTPS, with iOS page load time rising from ~1795 ms to ~2630 ms (about a 50% increase). To improve user experience while maintaining security, the team applied a series of optimizations.

Adopting SPDY

SPDY, Google’s early multiplexing protocol, was enabled on iOS (Safari 8+ and WebView) covering over 85% of users. Enabling HTTPS + SPDY reduced page load time by roughly 370 ms.

Identifying the SSL Handshake Bottleneck

Even after SPDY, HTTPS remained ~400 ms slower than HTTP, mainly due to SSL handshakes. Each domain required a separate TCP connection and handshake (~200 ms each).

Three Strategies to Reduce SSL Handshake Time

Increase TCP connection reuse : Pre‑establish a connection to h5.qzone.qq.com at page entry, keep it alive for 60 s, and reuse it for subsequent requests, cutting ~400 ms from average load time with a 75% hit rate.

Increase SSL session reuse : Deploy distributed session cache and global session ticket keys. This lowered handshake time from 400 ms to 100 ms on Android and from 200 ms to 100 ms on iOS.

Reduce the number of request domains : Consolidate static assets from qzonestyle.gtimg.cn onto the main domain h5.qzone.qq.com via an HTTP proxy, eliminating an extra handshake and gaining another ~200 ms.

These measures together reduced the HTTPS page load time by over 1000 ms, making it comparable to or even faster than HTTP in some scenarios due to TCP reuse.

TLS Protocol and Cipher Suite Analysis

Performance tests showed TLS 1.2 outperforms 1.1 and 1.0. The best cipher suites were ECDHE‑RSA‑AES128‑GCM‑SHA256 and ECDHE‑RSA‑AES128‑SHA256. Although ECDHE‑RSA‑CHACHA20‑POLY1305 could offer gains, it is not yet supported on iOS.

Future work includes deeper protocol and algorithm analysis, TCP parameter tuning, handshake optimization, and SSL record size adjustments.

Conclusion

Through SPDY, TCP and SSL session reuse, domain consolidation, and TLS tuning, Qzone achieved a total HTTPS performance improvement of more than 1000 ms, effectively eliminating the speed gap with HTTP and, in some cases, surpassing it.

Beyond SPDY, the team is also rolling out HTTP/2 in selected regions, further encouraging full‑site HTTPS adoption.