Only the upside: how to have SSL without the site slowdown

In a way, being a website owner is like being a parent. You do things for the good of your website’s users – like use SSL to provide secure, encrypted connections – but do they appreciate it? Like children being dragged to the dentist, doctor, library, school or any number of museums while on vacation, of course not. Especially since that added security so often comes with slower page load speeds. And if there’s one thing internet users are, it’s impatient.

For websites that require encrypted connections, however, there’s no way around using SSL. The benefits are too important. Fortunately, it’s possible for website owners to have the upside of SSL without the lagging page load times.

Upgrading the handshake

When a browser first connects to a website it generally does so using what’s called the TCP handshake, or the transmission control protocol handshake. With this standard handshake, the browser issues a connection request to the server of the website. The server then sends back an acknowledgment, to which the browser responds with an acknowledgment of its own. With those steps completed, a user can freely use a website.

For many websites, this standard handshake does not provide a secure enough connection. That’s where the SSL or secure sockets layer handshake comes in – it encrypts all information sent between the browser and website so it becomes garbled nonsense to anyone who may be trying to intercept it.

The SSL handshake adds a few extra steps on top of the TCP handshake in order to provide encrypted connections that protect against malicious eavesdropping or man-in-the-middle attacks. The SSL handshake maintains the requests and acknowledgments of the TCP handshake and adds in an agreement between browser and server on method of encryption, a verification process, and a generation of keys used to encode and decode the information being sent between browser and website.

The downside of added security

Generally, when extra steps are added to something, so is something else: time. The SSL handshake is no exception. While the TCP handshake requires just one round trip, the SSL handshake takes at least another two round trips – at the very least doubling how long it takes users to connect to the secure website.

Website owners know that when a website sends or receives any form of sensitive or confidential information, SSL is not optional, it’s a must. Without it, logins, emails, passwords, home addresses and financial information could all be intercepted by an attacker positioned between the browser and the website. Therefore, the increase in time required for an encrypted connection to obfuscate this information should be perfectly acceptable. Should be.

Instead, a survey of online shoppers found that even a one-second delay in page load time accounts for a 16% drop in customer satisfaction. Additionally, 47% of online consumers think a page should load in two seconds or less, and 40% will leave a website when it takes longer than three seconds to load. The fallout from intercepted sensitive information would be devastating for a website or business, so the benefits of SSL do outweigh the cost that comes in the form of lagging page load speeds. Try telling that to site and business owners whose slower site speeds are costing them conversions and sales.

Tell them about CDNs instead

There is an ideal solution to the slowed down secure website issue, and that would be a content delivery network or a CDN. A CDN is a network of proxy cache servers located all over the globe that are designed to store a website’s cacheable content in order to deliver it to users as quickly and efficiently as possible. With a CDN, users are automatically redirected to the server located closest to them, cutting down on how far the requested content has to travel, therefore speeding up the round trip time of the website. When every round trip is sped up, the benefits end up being tripled for a site using SSL, as three round trips are required to make the connection between browser and server.

Content delivery networks provide additional benefits on top of the quickened page load times. Speed is also boosted thanks to the content caching, which eliminates long trips to the origin server. It also improves a site’s performance by optimizing content through the compression of CSS, HTML, JavaScript and image files as well as stripping unneeded characters from the source code, and optimizes network connections and reuses open sessions to improve network efficiency and cut down on bandwidth usage and the resultant bandwidth bills.

In terms of site reliability, a CDN also provides built-in load balancing thanks to its multi-server environment, which provides built-in DDoS protection. Advanced CDNs often provide additional DDoS mitigation, a managed service from DDoS protection specialists that can be deployed in either always-on or on-demand capacities depending on the needs of a website. DDoS attacks are some of the most common and devastating attacks on the web, and have widely been used as smokescreens for data intrusions.

Speaking of advanced CDNs, it’s worth selecting a content delivery network that offers support for the latest internet protocols, including IPv6 and HTTP/2. Automatic support for IPv6 provides compliancy, business and performance advantages of dual-stack IPv4 and IPv6 delivery, while automatic support for HTTP/2 further improves page load time and responsiveness, all without requiring upgrades to origin infrastructure.

A website using SSL as well as a CDN essentially has the best of both worlds: secure, encrypted connections and impressive site speed and performance, for the good of users as well as their happiness. This is about where the comparison between being a website owner and a parent ends.