A Green Light for TLS
In today’s Internet, the only thing still more important than security is performance. Therefore, any new security control must also be optimized for performance. For CPU-intensive tasks like HTTPS encryption, there are many lesser-known features of the TLS protocol which enable better performance. The F5 mission statement has always been to ensure applications are “Secure, Fast, and Available”. Leveraging crypto acceleration hardware and a proprietary SSL/TLS crypto stack in TMOS enables F5 to implement not only security features of TLS protocols and associated cipher suites, but also the latest performance capabilities.
What are these performance options and extensions in TLS, you ask? Thanks to Ilya Grigorik from Google’s web performance team, we have an incredibly informative web site that details these performance-oriented features of TLS. Not only does IsTLSFastYet.com document these performance features, the site also tracks the implementation of these features by server platform.
As of version 12.1 of TMOS, BIG-IP is now “all green” on IsTLSFastYet.com.
In v12.1, BIG-IP added the last tracked feature in the table above, Dynamic Record Sizing, which enables BIG-IP to optimize the size of the TLS record based on the nature of the connection. Previously, this was a static setting. From IsTLSFastYet.com, you will be linked directly to documentation of each of the features in the table above. It’s notable that F5 now becomes the only hardware-based ADC solution able to check all the performance boxes of the TLS protocol.
If you want more information about optimizing TLS performance and ensuring that HTTPS encryption doesn’t impact page-load time, head on over to my latest article on InformationSecurityBuzz.com where this month’s column dives into deeper detail.