With around 40% of the world’s population being connected to the Internet, a single
viral link can bring down the entire informational infrastructure of a company. Large,
multinational organizations have the resources required to build complex webs of
servers spanning multiple continents, to cope with the sudden surge in demand.
But what about small- and mid-sized businesses? How can they compete with
established players and still direct most of their resources at the core of their
business? The answer is the use of a CDN (Content Delivery Network), a large-scale
network of proxy servers strategically placed in different locations across the
world. Such networks provide excellent response times, high performance, and
perfect availability irrespective of the actual physical location of visitors.
In this article, you will learn everything you need to know about using an HTTPS
CDN, SSL/TLS over CDNs, and some of the ways you can speed up your encrypted
connections using technologies such as OCSP Stapling, Dynamic Record Sizing,
Perfect Forward Secrecy, and others.
HTTP/2
HTTP/2 is a variant of SPDY (a Google creation), and was developed by the IETF's
HTTP Working Group, the same group that maintains the HTTP protocol. This new
version of the protocol that has served the web for more than fifteen years gets rid of
the limitation of one request at a time per TCP connection. In practice, secured
websites with a lot of resources can be loaded much faster than they could be
otherwise. The practical effects of this can be experienced on every website with
on-demand video, including those utilizing Apple HLS and DASH streaming, where the
protocol overhead is significant.
OCSP Stapling
Traditionally, when a visitor opened a website secured with SSL, the visitor's
browser had to contact the certificate vendor that issued the certificate to
check whether it had been revoked. Not only does this take extra time, but it also
exposes the identity of the visitor to the issuer of the certificate. With OCSP
stapling, it is the website itself that periodically contacts the SSL certificate
vendor and retrieves a time-limited verification of the certificate status. On each
new connection, the website sends the time-stamped OCSP response to the visitor.
Businesses that use this method can expect higher customer satisfaction, as page
load speed is one of the most important factors influencing the abandonment rate.
ALPN
ALPN, and its older cousin NPN, are two standards related to TLS that allow the
server to signify support for protocols other than HTTP when a client makes a secure
connection. When a client makes an initial TLS connection, it includes a list of
the protocols it supports and would like to use to connect. ALPN and NPN
are typically used for clients to negotiate support for HTTP/2 on incoming
connections.