Posts by wthayer

HTTP/2 Update

Posted by on October 26, 2016 in General | 0 comments

I wrote about the next version of the HTTP protocol 18 months ago. Since then, HTTP/2 has gained significant traction, but not without generating some controversy along the way. Performance Perhaps the biggest question lingering over HTTP/2 relates to real-world performance benefits. A demonstration comparing the time it takes to load a website over HTTP/1.1 without SSL/TLS versus HTTP/2 (which only works in browsers over HTTPS) has been criticized for being unrealistic. It loads 360 unique images, a scenario that highlights the strengths of HTTP/2’s new design. The criticism comes from the...

Read More

HTTP/2 Is Speedy and Secure

Posted by on April 20, 2015 in Blog | 0 comments

Since we last wrote about SSL/TLS performance, there has been a lot of activity in the IETF HTTP Working Group, resulting in the February announcement that the next version of HTTP has been approved. This is big news because it means that major SSL/TLS performance improvements are on the way. Background When your browser connects to a website today, it most likely uses the HTTP/1.1 protocol that was defined in 1999 in RFC 2616. Over the past 15 years, HTTP/1.1 has served us well and many tweaks have been discovered to make the most of it. However, in that time the web has transformed into a...

Read More

Extra Trips are for Frequent Flyers, Not SSL/TLS Performance

Posted by on October 30, 2014 in Blog | 0 comments

TLS is quickly becoming a de facto requirement for every website due to increased concerns about spying and Google’s recent move to use HTTPS as a factor in search engine ranking. In a recent article we explained how HSTS helps website operators to ensure that their site is always using TLS, but now we want to ensure that your performance isn’t sacrificed in the name of enhanced security. While the myth that TLS slows down a website has been debunked, some basic settings can make a site using TLS even faster. A number of factors influence the performance of TLS. The most critical time is...

Read More

What To Do When You Rely on Internal Names in TLS/SSL Certificates

Posted by on July 18, 2014 in Blog | 0 comments

A deadline set by the CA/Browser Forum for the use of Internal Names is quickly approaching, and many system administrators need to understand how best to adapt to this change. At the same time, hundreds of new top-level domains are being launched, which redefines what constitutes an Internal Name. In this post we’ll explain what the changes are, why they’re being made, and how you can update your systems in response to the problem. Internal Names and gTLDs An Internal Name is defined as “A string of characters (not an IP address) in a Common Name or Subject Alternative...

Read More

Benefits of Elliptic Curve Cryptography

Posted by on June 10, 2014 in Blog | 3 comments

Elliptic Curve Cryptography (ECC) has existed since the mid-1980s, but it is still looked on as the newcomer in the world of SSL, and has only begun to gain adoption in the past few years. ECC is a fundamentally different mathematical approach to encryption than the venerable RSA algorithm. An elliptic curve is an algebraic function (y2 = x3 + ax + b) which looks like a symmetrical curve parallel to the x axis when plotted. (See figures below.) As with other forms of public key cryptography, ECC is based on a one-way property in which it is easy to perform a calculation but infeasible to...

Read More