Filtered By Tag: SSL

Note: Archived Content

This is the archived version of the Zoompf blog. Since our acquisition by Rigor, all our new research and posts on web performance are being published on The Rigor Blog

SSL Performance Diary #4: Optimizing the TLS Handshake

In our prior SSL Performance Diary post, Optimizing Data Encryption, we mentioned there are 2 areas of TLS that can harbor performance problems: Encrypting the data. Data sent back and forth between visiting web browsers and your web server must be encrypted and decrypted. If not configured properly, your page load times can become much […]

Read More

SSL/TLS Performance Diary #3: Optimizing Data Encryption

This post is one in a series of posts about properly implementing SSL/TLS. This post is excerpt from our recent Moz article, Enabling HTTPS Without Sacrificing Your Web Performance. We’ll cover additional topics from this article in future posts to our SSL Diary. In previous SSL/TLS diary posts, we discussed optimizing the certificate chain, as […]

Read More

SSL Performance Diary #2: HTTP Strict Transport Security

This post part of a series, where I discuss the steps I am taking to implement SSL on a website while simultaneously improving its performance. I previously discussed optimized SSL certificates. Today I’ll discuss a super easy SSL performance optimization that everyone should be doing: HTTP Strict Transport Security. When we were designing the web […]

Read More

SSL Performance Diary #1: The Certificate Chain

Adding support for encrypted SSL connections to a website doesn’t have to reduce the performance of your site. SSL can be properly configured so that it provides security and confidentiality, with minimal impact on the website’s page load time. In fact, SSL is a necessary step to implementing SPDY, which can actually improve the performance […]

Read More

Announcing SPDYCheck: The SPDY Lint Tool

Steam seems to be building up behind SPDY, the next generation web transportation protocol. I wrote back in June that the majority of web browsers speak SPDY, and the majority of web servers are capable of speaking SPDY. Last week, the IETF rechartered the HTTP Working Group to develop HTTP/2.0 based on SPDY. While the […]

Read More

Explaining the CRIME weakness in SPDY and SSL

There is an interesting new security weakness discovered in SPDY and SSL/TLS that allows attackers to decrypt the session cookies for other websites. This weakness, known as CRIME, was discovered by Juliano Rizzo and Thai Duong. They will present their full findings at the Ekoparty Security Conference in Buenos Aires later this month. Since SPDY […]

Read More

Zoompf Check #300! Or: Gateway’s got a problem…

People often ask how we discover new performance issues. Without a doubt the #1 way we discover new issues is simply by looking at websites and seeing how they work. Not a customer engagement goes by where we don’t find at least one new web performance issue that we add to our growing database of […]

Read More