The Evolution of Encryption – SSL, TLS and Beyond
By Muhammad Durrani, Sr. Technical Marketing Engineer at Spirent Communications
The momentum for securing more web traffic via encryption has been growing at an exponential rate. The early part of this decade saw Google convert its own services (Search, Gmail, etc.) to HTTPS only and announce that it would use HTTPS as an input to its search ranking algorithm. At the time, Google stated its motive was to "make the Internet safer", which is plausible, as most people around the world reach content through Google search.
ISPs and other intermediaries initially greeted this trend with cynicism, believing the move was self-serving rather than altruistic, since it lets these large players hide valuable analytics data on user behavior. That cynicism was overtaken by the Snowden leak and other high-profile revelations of pervasive surveillance of end-to-end communications, which left the public, both in the US and abroad, generally supportive of an all-encrypted web.
Google and other major industry players further paved the path towards fully encrypted communications by standardizing the next generation of HTTP, called HTTP/2, which removes major performance inefficiencies identified in HTTP over the years. While HTTP/2 does not require TLS, all browser vendors have chosen to implement HTTP/2 only over TLS, so web sites that wish to gain the performance advantages of the new protocol must use TLS by default. Growth of HTTP/2-enabled sites shows an upward trajectory, currently at about 15.5%, including most popular websites.
Today, many IP-based protocols, such as HTTPS, eSMTP, ePOP3 and eFTP, support TLS, the successor to SSL, to encrypt data. TLS provides secure communication between web browsers and servers through the cryptography used to encrypt the transmitted data. The keys are uniquely generated for each connection and are derived from a shared secret negotiated at the beginning of the session in what is known as the TLS handshake.
In terms of web performance, TLS and encrypted connections have a lot more overhead than their clear-text counterparts: the more you encrypt, the more you can expect performance to be affected. With TLS 1.2, two round trips were needed to complete the TLS handshake. TLS 1.3 requires only one round trip, which halves the latency of establishing an encrypted connection.
Another advantage of TLS 1.3 is that, for sites you have visited previously, the client can now send data in its first message to the server. This is called a "zero round trip" (0-RTT) handshake, and it further improves page and application load times.
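The following is an added toy model, written for this article and not code from the author or from Spirent, of the two points made above: that each connection's traffic keys come from a freshly negotiated shared secret, and that the number of round trips before application data can flow differs between a TLS 1.2 full handshake, a TLS 1.3 full handshake and a TLS 1.3 0-RTT resumption. It assumes a readable 64-bit Diffie-Hellman group and a single extract/expand key schedule (real TLS uses 2048-bit or elliptic-curve groups and a multi-stage schedule), and the message flights are constructed summaries rather than wire bytes. Only the Python standard library is used.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, chosen for readability): 2**64 - 59 is
# prime, but a 64-bit group gives no real security. TLS uses >= 2048-bit
# finite-field groups or elliptic curves such as X25519.
P = 2**64 - 59
G = 2
KEY_BYTES = 8  # byte width of a group element


def ephemeral_keypair():
    """Fresh private/public pair for one connection; never reused, so keys differ per session."""
    priv = secrets.randbelow(P - 2) + 1          # uniform in [1, P-2]
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Both sides compute g^(ab) mod p and obtain the same bytes."""
    return pow(peer_pub, priv, P).to_bytes(KEY_BYTES, "big")


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_traffic_keys(secret, transcript):
    """Simplified key schedule (assumption): one extract, then one expand per direction.
    The label is bound to a hash of the handshake transcript, so a tampered
    handshake yields different keys on the two sides."""
    prk = hkdf_extract(b"\x00" * 32, secret)
    th = hashlib.sha256(transcript).digest()
    return {
        "client_write_key": hkdf_expand(prk, b"toy c ap traffic" + th, 16),
        "server_write_key": hkdf_expand(prk, b"toy s ap traffic" + th, 16),
    }


def handshake():
    """One toy handshake: each side keeps its private value and learns only the
    peer's public share, yet both derive identical traffic keys."""
    c_priv, c_pub = ephemeral_keypair()
    s_priv, s_pub = ephemeral_keypair()
    transcript = (b"ClientHello" + c_pub.to_bytes(KEY_BYTES, "big")
                  + b"ServerHello" + s_pub.to_bytes(KEY_BYTES, "big"))
    client_view = derive_traffic_keys(shared_secret(c_priv, s_pub), transcript)
    server_view = derive_traffic_keys(shared_secret(s_priv, c_pub), transcript)
    return client_view, server_view


# Message flights per handshake shape (constructed summaries, not wire bytes).
FLIGHTS = {
    "TLS 1.2 full": [
        ("client", ["ClientHello"]),
        ("server", ["ServerHello", "Certificate", "ServerKeyExchange", "ServerHelloDone"]),
        ("client", ["ClientKeyExchange", "ChangeCipherSpec", "Finished"]),
        ("server", ["ChangeCipherSpec", "Finished"]),
        ("client", ["ApplicationData"]),   # client waits for the server's Finished
    ],
    "TLS 1.3 full": [
        # The client sends its key share up front, so the server can complete the
        # key agreement in its first flight and the client's Finished carries data.
        ("client", ["ClientHello", "KeyShare"]),
        ("server", ["ServerHello", "KeyShare", "EncryptedExtensions", "Certificate",
                    "CertificateVerify", "Finished"]),
        ("client", ["Finished", "ApplicationData"]),
    ],
    "TLS 1.3 0-RTT resumption": [
        # A pre-shared key from an earlier session lets the client encrypt data in
        # flight one. Early data can be replayed, so servers should accept it only
        # for idempotent requests.
        ("client", ["ClientHello", "KeyShare", "PreSharedKey", "EarlyData(ApplicationData)"]),
        ("server", ["ServerHello", "KeyShare", "EncryptedExtensions", "Finished"]),
        ("client", ["Finished", "ApplicationData"]),
    ],
}


def round_trips_before_app_data(flights):
    """Count server flights the client must wait for before it first sends application data."""
    rtts = 0
    for sender, msgs in flights:
        if sender == "client" and any("ApplicationData" in m for m in msgs):
            return rtts
        if sender == "server":
            rtts += 1
    raise ValueError("no application data in flight list")


def handshake_latency_ms(name, rtt_ms):
    """Handshake delay added before the first request at a given network round-trip time."""
    return round_trips_before_app_data(FLIGHTS[name]) * rtt_ms


if __name__ == "__main__":
    c, s = handshake()
    print("client and server derived the same keys:", c == s)
    for name in FLIGHTS:
        print(f"{name:26s} {round_trips_before_app_data(FLIGHTS[name])} RTT,"
              f" {handshake_latency_ms(name, 100)} ms added at 100 ms RTT")
```

Running the script twice shows different traffic keys each time while client and server views always agree, and the flight model reports 2, 1 and 0 round trips for the three handshake shapes, which is where the "halved latency" and "zero round trip" claims come from.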
In conclusion, it is fair to say that the introduction of HTTPS has led to an exponential rise in encrypted traffic, and TLS 1.3 is positioned for rapid adoption. This places new demands on the network to service these applications effectively, and it makes it harder for networks to maintain visibility into these applications unless companies deploy new solutions that either decrypt traffic or use other mechanisms to let users "see" what is on the network.