Universal SSL: How It Scales

CloudFlare's Universal SSL enables HTTPS for all websites using its Free plan, increasing the number of sites served over HTTPS from tens of thousands to millions. The company achieved this by leveraging modern hardware and software configurations that significantly reduce the cost of SSL on web servers. By utilizing Intel CPUs with specialized cryptographic instructions, prioritizing AES-based ciphers, and implementing elliptic curve cryptography for private key operations and key establishment, CloudFlare minimized the computational burden of TLS handshakes. Additionally, session sharing techniques and lazy loading of certificates further optimized server resources. This approach demonstrates that SSL can be deployed on a large scale with minimal impact on web server performance.