Universal SSL: How It Scales
CloudFlare's Universal SSL enables HTTPS for all websites using its Free plan, increasing the number of sites served over HTTPS from tens of thousands to millions. The company achieved this by leveraging modern hardware and software configurations that significantly reduce the cost of SSL on web servers. By utilizing Intel CPUs with specialized cryptographic instructions, prioritizing AES-based ciphers, and implementing elliptic curve cryptography for private key operations and key establishment, CloudFlare minimized the computational burden of TLS handshakes. Additionally, session sharing techniques and lazy loading of certificates further optimized server resources. This approach demonstrates that SSL can be deployed on a large scale with minimal impact on web server performance.
Company
Cloudflare
Date published
Oct. 1, 2014
Author(s)
Nick Sullivan
Word count
1104
Language
English
Hacker News points
18