<b>Edge TLS termination vs. full origin handshake: a Dublin store cuts setup time</b>

<b>Edge TLS termination vs. full origin handshake: a Dublin store cuts setup time</b>
An online grocer terminated TLS only at origin in Dublin, with the CDN passing encrypted bytes straight through. Every new visitor from distant regions paid for a full TLS handshake across the ocean — multiple round trips to Dublin before a single byte of page.
A first-time Lima shopper waited 680ms just on connection setup.
They moved TLS termination to the edge PoP, with a warm keep-alive tunnel from edge to origin. The handshake now happened over the short hop to the nearest PoP, not across the Atlantic.
Connection setup for the Lima user dropped from 680ms to 90ms. Origin CPU also fell, freed from per-visitor crypto.
Origin-only TLS suits strict end-to-end encryption mandates. Edge termination wins almost everywhere else on latency.
The number that mattered: TLS setup from 680ms to 90ms.

—
Для любителей full funnel case studies — @greenday_roi