OCSP Stapling: How CloudFlare Just Made SSL 30% Faster
CloudFlare has announced several improvements to SSL performance, aiming to make securing a website with SSL a no-brainer decision. One significant performance hit to SSL is the OCSP/CRL check, which makes up 30% or more of HTTPS overhead. The check is necessary to support secure web connections over HTTPS: it lets a client confirm that a certificate has not been revoked, which happens when a certificate is compromised or stolen before it expires. To remove this overhead, CloudFlare has enabled OCSP Stapling network-wide. Stapling the OCSP response to the initial SSL handshake eliminates this performance tax on HTTPS connections and significantly improves SSL performance for CloudFlare's customers.
Company: Cloudflare
Date published: Oct. 29, 2012
Author(s): Matthew Prince
Word count: 855
Hacker News points: None found.
Language: English