CDN SSL

Learn all about HTTPS CDN and SSL/TLS CDN

Around 40% of the world’s population is connected to the Internet. A single virus can cause the collapse of an entire company’s informational infrastructure. Multinational corporations have the resources to create complex webs of servers across multiple continents to meet the demand.

What about small and medium-sized businesses? They need to compete with established companies while keeping most of their resources focused on their core business.

A Content Delivery Network is the answer. It’s a large-scale network that includes proxy servers strategically placed in various locations around the globe. These networks offer excellent response times and high performance. They also provide perfect availability, regardless of where visitors are located.

This article will cover the use of HTTPS CDN and SSL/TLS Over CDNs. It also explains how you can speed up encrypted connections with technologies like OCSP Stapling and Dynamic Record Sizing.

HTTPS, HTTPS SSL, and TLS: What’s The Difference?

In the early days, computers couldn’t send each other hypertext files. In 1989, Tim Berners-Lee (an English computer scientist) developed a communication protocol that would be the basis of the World Wide Web. This protocol’s name is HTTP. It is standardized by the World Wide Web Consortium (W3C), a global standards organization that has more than 400 members.

In the early days of HTTP, only 1% of the world’s population was connected to the Internet. The majority of people who had access to the internet were either in academia, military, and government. Most websites on the web were simple and contained no interactivity. As technology improved, more people around the globe were able to access the internet for personal and business purposes, as well as online banking and shopping.

There was a strong demand for a cryptographic protocol to allow secure communication over the Internet. Netscape Navigator, an American computer service company, developed the first such protocol. It was released in 1995 as SSL 2.0; version 1.0 was dropped due to serious security flaws. The protocol establishes an encrypted connection between a client and a server over a dedicated port, so that the client can transfer data to the server securely.

This, and other factors, is what distinguishes SSL 2.0 from TLS 1.0 (an upgraded version of SSL 3.0). Christopher Allen and Tim Dierks of Consensus Development defined the first version of TLS in RFC 2246 on January 19, 1999. While the differences between SSL 3.0 and TLS 1.0 aren’t too significant, that RFC is where the protocol’s name was changed to TLS. For more information, see this article by Tim Dierks.

TLS is the most prominent method of creating secure communications over the Internet. A TLS-encrypted connection starts with a handshake between client and server that is itself sent in the clear; the connection proceeds only if both parties accept the negotiated parameters. Modern web browsers support TLS 1.1 and TLS 1.2. TLS 1.3 is still in heavy development.

We are left with Hypertext Transfer Protocol Secure. The additional ‘S’ indicates that data requests are being sent and received via a tunnel encrypted with SSL or TLS. Modern web browsers show an HTTPS connection by displaying a green padlock symbol in the address bar. Visitors can use it to verify the site’s authenticity and to ensure that their data is not stolen by malicious hackers.

Speeding Up Encrypted Connections Using

1. HTTP/2

2. OCSP Stapling

3. Dynamic Record Sizing

4. ALPN

5. Perfect Forward Secrecy

Although plain TLS can be used for encrypted connections over Content Delivery Networks (CDNs), there are extensions that can be used to speed up the process and make it more secure, without compromising compatibility with most web browsers.

HTTP/2

HTTP/2, a variant of SPDY (a Google creation), was created by the IETF’s HTTP Working Group, which also maintains the HTTP protocol. The new version removes the limitation of one request per TCP connection that the previous version, in use for over fifteen years, imposed. Secure websites that have a lot of resources load much faster than before. This can be seen on all websites with on-demand video, even those that use Apple HLS and DASH streaming. The protocol overhead is substantial.

OCSP Stapling

In the past, a visitor would need to contact the certificate vendor to check if the certificate had been revoked before opening a secure website. This not only takes extra time but also exposes the visitor’s identity to the certificate issuer. OCSP stapling is a method by which the website contacts the SSL certificate vendor periodically and requests a time-limited verification about the certificate status. The website sends the visitor the time-stamped response on every connection. This method is more popular with customers and can result in higher customer satisfaction. Page load speed is one factor that influences abandonment rates.
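The refresh-and-serve logic the paragraph describes, written out as an added Python example (not code from the original page or from any CDN): the server keeps the time-limited OCSP response it fetched, staples it to every handshake while it is within its validity window, and fetches a new one well before the old one expires, so visitors never receive a stale response and never have to contact the certificate issuer themselves. The refresh policy (refresh once half the window has elapsed), the simulated responder and the timestamps are constructed assumptions; a real server would query the OCSP URL listed in the certificate.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional, Tuple


@dataclass
class StapledResponse:
    """The parts of an OCSP response that matter for the stapling cache."""
    status: str              # "good", "revoked" or "unknown"
    this_update: datetime    # when the responder produced this status
    next_update: datetime    # after this the response is stale and clients will reject it


class StapleCache:
    """Holds the latest OCSP response for one certificate and decides when to refresh.

    refresh_fraction is an assumed policy: refresh once this fraction of the
    validity window has elapsed, so a fresh response is on hand long before expiry.
    """

    def __init__(self, refresh_fraction: float = 0.5) -> None:
        self.response: Optional[StapledResponse] = None
        self.refresh_fraction = refresh_fraction

    def store(self, response: StapledResponse) -> None:
        if response.next_update <= response.this_update:
            raise ValueError("nextUpdate must be after thisUpdate")
        self.response = response

    def is_fresh(self, now: datetime) -> bool:
        r = self.response
        return r is not None and r.this_update <= now < r.next_update

    def needs_refresh(self, now: datetime) -> bool:
        r = self.response
        if r is None:
            return True
        window = r.next_update - r.this_update
        return now >= r.this_update + window * self.refresh_fraction

    def staple_for_handshake(self, now: datetime) -> Optional[StapledResponse]:
        """Response to staple, or None so the client falls back to its own OCSP check."""
        return self.response if self.is_fresh(now) else None


def simulated_responder(now: datetime, validity: timedelta = timedelta(days=7)) -> StapledResponse:
    # Constructed stand-in for the CA's OCSP responder; the 7-day validity is an assumption.
    return StapledResponse("good", now, now + validity)


def serve_over_time(cache: StapleCache,
                    responder: Callable[[datetime], StapledResponse],
                    times: List[datetime]) -> List[Tuple[bool, bool]]:
    """At each time step: refresh if the policy says so, then handle one handshake.

    Returns (refreshed, stapled) per step.
    """
    out: List[Tuple[bool, bool]] = []
    for now in times:
        refreshed = False
        if cache.needs_refresh(now):
            cache.store(responder(now))
            refreshed = True
        out.append((refreshed, cache.staple_for_handshake(now) is not None))
    return out


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed start time
    cache = StapleCache()
    steps = [t0, t0 + timedelta(days=1), t0 + timedelta(days=4), t0 + timedelta(days=10)]
    for when, (refreshed, stapled) in zip(steps, serve_over_time(cache, simulated_responder, steps)):
        print(when.date(), "refreshed" if refreshed else "cached", "stapled" if stapled else "no staple")
```

The important edge case is the last method: an expired response is never stapled, because a client that receives one treats it as an error, whereas sending nothing lets the client fall back to its own revocation check.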

Dynamic Record Sizing

All data sent over the internet is converted into packets of information that are 1500 bytes or less. When they get the data, browsers and other applications are able to start working with it. A browser will request resources from the header of a page before it receives the entire page from the server.

A browser, or any other application, cannot begin decrypting a TLS record until it has received the whole record. When a record is larger than one packet, the client has to wait for every packet of that record before it can decrypt any of it. This is known as TLS latency. With a 16KB TLS record size, TLS introduces 1 second of extra latency to your page load. This is a huge problem for page load times.

This problem is easy to fix by setting the TLS record size to a small number. In fact, you can set the TLS record size to as little as one packet to reduce TLS’s latency overhead to virtually zero. However, this introduces a new problem. TLS uses larger records to improve throughput and decrease the processing power needed for encrypting and decrypting records, so smaller TLS records suffer greatly in performance.

Cloudflare’s dynamic management of TLS records combines two things: a) reducing record sizes (thereby minimizing latency during request phases) and b) increasing record sizes (and thus throughput) during connection phases for large file downloads. This gives the best of both: browsers can display pages faster and make resource requests earlier, while the larger records allow them to increase throughput and reduce CPU usage during later phases.
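An added Python example (not Cloudflare’s code or anything from the original page) that implements the policy just described: a sizer that emits records fitting in one packet while a response is starting, switches to full 16 KB records once a burst of data is under way, and drops back to small records after the connection has been idle. The 1400-byte per-packet payload, the 64 KB ramp threshold and the 1-second idle reset are assumed parameters; `packets_before_first_decrypt` shows why the small records matter for time to first decryptable byte.

```python
import math
from dataclasses import dataclass
from typing import List, Optional

MAX_RECORD = 16384     # TLS maximum plaintext record size: the 16 KB the article refers to
PACKET_PAYLOAD = 1400  # assumed: TLS payload that fits in one ~1500-byte packet after IP/TCP/TLS headers


def packets_before_first_decrypt(record_size: int) -> int:
    """Packets the client must receive before it can decrypt the first record.

    A record larger than one packet cannot be decrypted until every packet it
    spans has arrived, which is the latency the article describes.
    """
    return math.ceil(record_size / PACKET_PAYLOAD)


@dataclass
class DynamicRecordSizer:
    """Chooses the size of the next TLS record: small while the browser is still
    requesting resources, large once a bulk download is under way, and back to
    small after a pause. All thresholds are assumed values, not Cloudflare's."""
    small: int = PACKET_PAYLOAD
    large: int = MAX_RECORD
    ramp_after_bytes: int = 64 * 1024   # assumed: bytes sent in one burst before switching to large records
    idle_reset_seconds: float = 1.0     # assumed: a gap this long means a new request phase has begun
    sent_in_burst: int = 0
    last_send: Optional[float] = None

    def next_record_size(self, pending: int, now: float) -> int:
        if pending <= 0:
            raise ValueError("nothing to send")
        if self.last_send is not None and now - self.last_send >= self.idle_reset_seconds:
            self.sent_in_burst = 0  # connection went quiet: favour latency again
        target = self.small if self.sent_in_burst < self.ramp_after_bytes else self.large
        size = min(target, pending)  # never pad: the final record just carries what is left
        self.sent_in_burst += size
        self.last_send = now
        return size


def fragment(sizer: DynamicRecordSizer, total_bytes: int, now: float) -> List[int]:
    """Split a response of total_bytes into the sequence of record sizes the sizer picks."""
    sizes: List[int] = []
    remaining = total_bytes
    while remaining > 0:
        size = sizer.next_record_size(remaining, now)
        sizes.append(size)
        remaining -= size
    return sizes


if __name__ == "__main__":
    sizer = DynamicRecordSizer()
    page = fragment(sizer, 100_000, now=0.0)   # constructed: a 100 KB response sent at t=0
    print("records for 100 KB:", page[:3], "...", page[-3:])
    print("fixed 16 KB record waits for", packets_before_first_decrypt(MAX_RECORD), "packets;",
          "dynamic first record waits for", packets_before_first_decrypt(page[0]))
    print("after 5 s idle:", fragment(sizer, 3000, now=5.0))
```

With these parameters a 100 KB response goes out as 47 one-packet records, then two full 16 KB records and a short tail; the first record is decryptable after a single packet instead of twelve, and a request arriving after an idle second starts small again.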

ALPN

ALPN and NPN are standards that relate to TLS. They allow the server to indicate support for protocols other than HTTP when a client establishes a secure connection. Clients must include information about which protocols they support and prefer to use when making their initial TLS connection. Clients use NPN and ALPN to request support for HTTP/2 for incoming connections.
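To make the exchange concrete, here is an added Python example (not from the original page) that encodes and parses the ALPN extension as it appears on the wire in RFC 7301 and performs the server-side choice: the client lists the protocols it supports, the server answers with exactly one, picked by its own preference order, or with nothing if there is no overlap. The extension type number and the length-prefixed layout are those of RFC 7301; the preference lists and the handshake wrapper are constructed for the example.

```python
from typing import List, Optional

ALPN_EXTENSION_TYPE = 0x0010  # application_layer_protocol_negotiation, RFC 7301


def encode_alpn_extension(protocols: List[str]) -> bytes:
    """Build a complete ALPN extension: type, length, then the protocol_name_list.

    Each name is one length byte followed by the name; the list itself carries a
    two-byte length. A ServerHello uses the same encoding with a single name.
    """
    if not protocols:
        raise ValueError("at least one protocol name is required")
    body = b""
    for name in protocols:
        raw = name.encode("ascii")
        if not 1 <= len(raw) <= 255:
            raise ValueError("protocol name must be 1..255 bytes")
        body += bytes([len(raw)]) + raw
    data = len(body).to_bytes(2, "big") + body
    return ALPN_EXTENSION_TYPE.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data


def decode_alpn_extension(ext: bytes) -> List[str]:
    """Parse an ALPN extension, rejecting anything whose lengths do not add up."""
    if len(ext) < 4:
        raise ValueError("truncated extension header")
    ext_type = int.from_bytes(ext[:2], "big")
    ext_len = int.from_bytes(ext[2:4], "big")
    if ext_type != ALPN_EXTENSION_TYPE:
        raise ValueError("not an ALPN extension")
    data = ext[4:]
    if len(data) != ext_len or len(data) < 2:
        raise ValueError("extension length mismatch")
    if int.from_bytes(data[:2], "big") != len(data) - 2:
        raise ValueError("protocol_name_list length mismatch")
    names: List[str] = []
    pos = 2
    while pos < len(data):
        n = data[pos]
        pos += 1
        if n == 0 or pos + n > len(data):
            raise ValueError("bad protocol name length")
        names.append(data[pos:pos + n].decode("ascii"))
        pos += n
    if not names:
        raise ValueError("empty protocol_name_list")
    return names


def select_protocol(server_preference: List[str], client_offered: List[str]) -> Optional[str]:
    """RFC 7301 section 3.2: the server chooses among the client's names by its own preference."""
    offered = set(client_offered)
    for candidate in server_preference:
        if candidate in offered:
            return candidate
    return None


def negotiate(client_hello_alpn: bytes, server_preference: List[str]) -> Optional[bytes]:
    """Server side of the exchange: parse the client's list and answer with one name.

    Returns the ServerHello ALPN extension, or None when nothing overlaps (a real
    server then omits the extension or sends a no_application_protocol alert).
    """
    chosen = select_protocol(server_preference, decode_alpn_extension(client_hello_alpn))
    return encode_alpn_extension([chosen]) if chosen else None


if __name__ == "__main__":
    client_ext = encode_alpn_extension(["http/1.1", "h2"])        # constructed client offer
    reply = negotiate(client_ext, ["h2", "http/1.1"])             # constructed server preference
    print("client offered:", decode_alpn_extension(client_ext))
    print("server chose:", decode_alpn_extension(reply) if reply else None)
```

The server, not the client, owns the preference order, which is why a client listing `http/1.1` first still ends up on HTTP/2 when the server prefers `h2`; a server that only speaks HTTP/1.1 answers a client offering only `h2` with no selection at all.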

Perfect Forward Secrecy

Perfect forward secrecy is an important property of secure communication protocols. It ensures that older communication sessions are not compromised, even if the public or private keys used in those communications are later lost or stolen. It improves the security of all parties involved and is considered a key aspect of modern Internet security.

Why you should migrate to HTTPS

It is no secret that Google, and other search engines, use HTTPS as one of their ranking signals. Websites that transmit data via secure communication channels have better chances to appear on the first search results page. Visitors will be more likely to stumble upon your site than your competitors’.

HTTPS is essential for any company or website that handles sensitive information and wishes to protect its clients. The Identity Theft Resource Center released a report that showed 781 data breaches in the United States in 2015. This is more than two breaches per day. It becomes evident why extra security measures are important when you consider that there were 1,966,324 reported notifications about malware attempts to steal money through online access to bank accounts, according to Kaspersky Security Bulletin 2015.

Cloudflare is among the few CDNs which support all 5 major TLS extensions. This makes it the best choice for anyone looking to accelerate content delivery and secure their assets using HTTPS. To learn more about the services offered and the many ways they can help you stay ahead of your competition, visit the official website.
