A TLS 1.3 handshake costs 1 RTT; a TLS 1.2 handshake costs 2 RTT. For a global service, that's hundreds of milliseconds before the first byte. Three optimizations matter: session resumption, 0-RTT data, and OCSP stapling. Together they cut the effective handshake cost to near zero for returning clients.
Session resumption
First handshake: server issues a session ticket. Client caches it. Subsequent connections to the same server: client sends the ticket; server validates and skips the full key exchange. Saves 1 RTT in TLS 1.3, even more in 1.2.
0-RTT data (TLS 1.3 only)
Client uses cached keys to encrypt application data IN the first packet — zero round trips before useful data flows. Catch: 0-RTT data is replayable. Only use it for idempotent operations (GETs, not POSTs/PUTs).
OCSP stapling
Without stapling, the browser asks the CA's OCSP server 'is this cert still valid?' on every new TLS connection, which adds 50-200ms. With stapling, the server fetches the OCSP response itself, refreshes hourly, and includes it in the TLS handshake. The browser receives a fresh, CA-signed validity proof without making its own OCSP request.
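To see resumption and stapling from the client's side, here is an added Go example (not from the original post): it runs a TLS 1.3 server on loopback with a throwaway self-signed certificate and a constructed placeholder OCSP staple, then dials it twice through one client session cache and reports whether the second connection resumed and whether a staple arrived in the handshake. HandshakeTwice, fakeStaple and must are my names; the staple bytes are a stand-in for the DER response a real server fetches from the CA, and Go's crypto/tls client does not send 0-RTT data, so that part is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// fakeStaple stands in for a CA-signed OCSP response (constructed; crypto/tls forwards the bytes unparsed).
var fakeStaple = []byte("constructed-ocsp-response")
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// HandshakeTwice serves TLS 1.3 on loopback, dials it twice through one session cache, and reports resumed/stapled.
func HandshakeTwice() (resumed, stapled bool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool() // the client trusts exactly this one certificate
	pool.AddCert(must(x509.ParseCertificate(der)))
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, OCSPStaple: fakeStaple}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}))
	defer ln.Close()
	go func() { // server: Write completes the handshake and sends the NewSessionTicket ahead of the byte
		for c, e := ln.Accept(); e == nil; c, e = ln.Accept() {
			c.Write([]byte{1})
			c.Close()
		}
	}()
	cfg := &tls.Config{ServerName: "localhost", RootCAs: pool, MinVersion: tls.VersionTLS13, ClientSessionCache: tls.NewLRUClientSessionCache(8)} // the cache holds the tickets
	for i := 0; i < 2; i++ {
		c := must(tls.Dial("tcp", ln.Addr().String(), cfg))
		c.Read(make([]byte, 1)) // reading also consumes the post-handshake ticket, which fills the cache
		st := c.ConnectionState() // the staple rides the full handshake; DidResume flips on the second dial
		resumed, stapled = resumed || st.DidResume, stapled || len(st.OCSPResponse) > 0
		c.Close()
	}
	return resumed, stapled
}
```

Pointing the same two-dial check at a production endpoint (with a real trust store instead of pool) is a cheap probe that session tickets and stapling are actually being served, not just configured.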
Connection coalescing (HTTP/2 + HTTP/3)
If a.example.com and b.example.com resolve to the same IP and present a cert valid for both, browsers reuse the TLS connection. Saves N-1 handshakes for N subdomains. Configure a SAN certificate that covers all your origins.
Measurable impact
| Optimization | p99 saved |
|---|---|
| Session resumption | ~50-100ms |
| 0-RTT data | ~50-150ms |
| OCSP stapling | ~50-200ms |
| Coalescing | ~100ms per origin |