TLS 1.3 and OCSP Stapling -Two Ways to Make HTTPS Sites Faster
For the last few years, the trend of moving towards encrypted browsing through HTTPS has been one of the most important developments on the Internet. With the free SSL certificates by Let’s Encrypt and Google openly promoting HTTPS protocol over the more widespread, but unsecure HTTP one, more and more sites have started to use SSL certificates.
We, at SiteGround, are very excited to announce that two recent developments in this area - TLS 1.3 and OCSP Stapling, which will make HTTPS sites faster, are already available on all our servers. Read below to learn how people using SSL will benefit from these innovations.
What is TLS 1.3?
The Transport Layer Security (TLS) protocol is the successor to the Secure Sockets Layer (SSL) protocol and is used by all sites that have an SSL certificate. (Actually a more correct name for these certificates would be TLS certificates, but the SSL turned out to be such a popular abbreviation that it stayed, even after the original SSL encryption protocol was no longer used). The TLS protocol provides secure communication between browsers and servers and the connection itself is encrypted by using the TLS handshake, a shared secret determined at the beginning of each session.
The TLS protocol has gone far too long without a significant update which is why version 1.3 is very welcome news industry-wide. There are two main parts of that update that will improve the web as a whole:
A faster handshake
Performance is important and with the growing percentage of encrypted sites, web encryption has to be as fast as possible. TLS 1.3 introduces improvements in the handshake, the secret code that enables a secure connection between a website and a browser. These improvements increase the speed of establishing encrypted connections.
TLS 1.3 removes obsolete and vulnerable features from TLS 1.2, including SHA-1, RC4, DES, 3DES, AES-CBC, MD5, and more.
How to enable and use TLS 1.3
You don’t have to do anything to use TLS 1.3, except wait for the browsers to start supporting it. All sites hosted at SiteGround are enabled with TLS 1.3, so no matter what browser is accessing your site and whether or not it uses TLS 1.3, you’ll know your site is ready. The moment major browsers release an update in which they default to TLS 1.3, it will immediately start working for your encrypted sites without any hassle at all.
What is OCSP Stapling?
All our shared and cloud servers are now utilizing OCSP (Online Certificate Status Protocol) stapling, which helps keep user information secure while decreasing the loading time. By allowing the browser to retrieve the SSL certificate information from the server directly instead of falling back to the Certificate Authorities server for each request, it improves the loading speeds for all SSL encrypted connections.
How does it make your site faster?
Each time you make a request to a page via HTTPS, the validity of the SSL certificate is checked. Certificates are issued by Certificate Authorities (CA) and on each request, the browser checks whether it's valid. With OCSP Stapling enabled, that check is handled by the server and your visitor’s browsers don't have to do it on every request.
How to use OCSP Stapling?
If you are on our shared or cloud accounts, you're already getting all the benefits of the OCSP Stapling for your sites with SSL certificate enabled Our DevOps team has rolled out an update on all our servers, enabling the technology for everyone. All you need to do is sit back and enjoy fast and secure web performance on your sites.