


The HTTP/2 specification was published as RFC 7540 in May 2015, which means at this point it’s a part of the standard. Now we can all upgrade our servers to use HTTP/2. One of the most important aspects is the backwards compatibility with HTTP 1.1 and the negotiation mechanism to choose a different protocol. Although the standard doesn’t specify mandatory encryption, currently no browser supports HTTP/2 unencrypted.

What does our stack actually look like? From the perspective of a website running in the browser (at the application level) we have to traverse the following layers to reach the IP level:

HTTPS is nothing more than the HTTP protocol on top of SSL/TLS. What does this additional layer actually give us? There are multiple advantages: we get authentication by having keys and certificates; a certain kind of privacy and confidentiality is guaranteed, as the connection is encrypted in an asymmetric manner; and data integrity is also preserved, as transmitted data can’t be changed during transit.

One of the most common myths is that using SSL/TLS is computationally expensive and slows the server down. We also don’t need any specialized hardware with cryptography units. Even for Google, the SSL/TLS layer accounts for less than 1% of the CPU load, and the network overhead of HTTPS as compared to HTTP is below 2%. All in all, it wouldn’t make sense to forgo HTTPS for the sake of a little overhead.

As Ilya Grigorik puts it, there is but one performance problem: “TLS has exactly one performance problem: it is not used widely enough.”

TLS is the successor of SSL, which is available in its latest release SSL 3.0.
