What We Just Did to Make SSL Even Faster
In December 2012, Matthew Prince discussed how they made SSL faster by enabling OCSP stapling across their network, resulting in a 30% performance increase on SSL handshakes for browsers that supported it. However, further investigation revealed areas where they could improve their SSL deployment. They took this criticism to heart and released an improved SSL process with the goal of providing the fastest, strongest SSL with the most ubiquitous browser support. They developed a system to find the shortest path between a user's uploaded certificate and a trusted root certificate in browsers, ranking chains based on factors such as length, security, and validity period. This resulted in an optimized server bundle that was small, fast, and strong while having ubiquitous browser support. They also planned to release their SSL bundler as a free service for anyone who wanted the fastest possible SSL for their given certificate.
Company
Cloudflare
Date published
Dec. 11, 2012
Author(s)
Matthew Prince
Word count
1087
Hacker News points
None found.
Language
English