Content delivery networks (CDN) are frequently exposed to on-path attacks, data breaches, and attempts to flood the network of the targeted origin server using DDoS attacks. CDNs have strategies to protect against these vulnerabilities, including appropriate SSL/TLS encryption and specialized encryption hardware. As a result of the way the Internet was designed, encryption is necessary in order to protect the data frequently sent to multiple geographic locations as packets, which hackers can easily intercept without the proper protocols.
Transport Layer Security (TLS) developed from Secure Socket Layer (SSL) encryption as a way to correct design flaws in earlier security protocols. TLS protocol provides authentication (verifying identifications), encryption (encoding data), and integrity (detecting forgery and tampering). In order to enable the protection of TLS, a site needs an SSL certificate and a corresponding key. Operating systems and browsers typically offer a list of certificate authorities that they trust completely.
After an exchange of synchronization and acknowledge packets between the client and the server (known as the TCP/IP handshake), the connection allows data to be sent and received, and the TLS encryption handshake begins. The specific components of the TLS handshake extend beyond the scope of this article, but there are three primary exchanges. The client and server negotiate TLS versions and which cryptography cipher to be used in the communication, which both parties then take steps to ensure is authentic. Finally, a key is exchanged to be used in future encoded exchanges. While the TLS handshake slows the loading time of the page slightly, the layers of security it provides are significant, and certain optimizations can be made to accelerate the process.
Looking to learn more? We suggest heading over to Cloudflare’s Learning Center for an in-depth look at TLS handshakes.
Share this:
