Maybe it's the wording, but I find the recommendations to be a bit unclear and not entirely faithful to the linked Adam Langley article on "overclocking SSL". Here is how I've come to understand some of the issues related to SSL optimization:<p>1. Provide all and <i>only</i> the necessary certificates for the chain.<p>2. Avoid concatenated certificates if you can provide only one certificate for each step of the chain. For example, specify SSLCertificateFile, SSLCertificateChainFile, and SSLCACertificateFile when using Apache httpd, with each one pointing to a single file containing a single certificate. If each directive points to the same concatenated certificate (a common configuration), you're incurring unnecessary overhead and are likely to produce some of the same errors mentioned in the article.<p>3. The BEAST attack helped spotlight the fact that RC4 is not only safe for SSL, it's extremely fast and cheap compared to other ciphers. Until that is disproven, configure your server to show a preference for RC4.<p>I'll be the first to admit that some of the finer points in this field go whoosh! over my head, but hopefully these minor observations will complement the article for fellow head-scratchers. If any of my assumptions are wrong, please feel free to point out and explain my errors.