OCSP Stapling: How CloudFlare Just Made SSL 30% Faster

CloudFlare has announced several improvements to enhance the performance of SSL, aiming to make it a no-brainer decision for websites to secure their sites with SSL. One significant performance hit to SSL is the OCSP/CRL check, which makes up 30% or more of HTTPS overhead. To speed up OCSP/CRL performance, CloudFlare has enabled OCSP Stapling network-wide, eliminating this performance tax on HTTP connections. The OCSP/CRL check is a necessary process to support secure web connections over HTTPS and involves revoking certificates if they are compromised or stolen before expiration. However, the check adds significant overhead, with 30% of SSL slowness attributed to it. By stapling the OCSP response to the initial SSL handshake, CloudFlare has significantly improved SSL performance for its customers.