Improve Your Privacy and Data Security with TLS Encryption on CDN

The web is a public infrastructure: Anyone can use it. Encryption is a must to ensure that communications over this public infrastructure are secure and private. You don’t want anyone to read or modify the data you send or receive, like credit card information when paying for an online service.

TLS encryption is a basic yet crucial safeguard that ensures only the client (the user’s device, like a laptop) and server can read your request and response data; third parties are locked out. You can run TLS on a CDN for improved performance, caching, and TLS management. If you want to learn more about TLS and how running it on a CDN can improve your infrastructure, this is the right place to start.

What Is TLS Encryption and Why Does It Matter?

TLS (Transport Layer Security) encrypts data sent via the web to prevent it from being seen or changed while it’s in transit. For that reason, it’s called an encryption-in-transit technology. When used with HTTP, TLS is commonly called HTTPS; it is also often called SSL, because previous versions of the technology were based on SSL. TLS ensures high encryption performance and forward secrecy. To learn more about encryption, check out our dedicated article.

TLS is a vital part of the web because it ensures trust for end users and search engines alike. End users can rest assured that their data—like online banking information or photos of their children—can’t be accessed. Search engines know that information protected by TLS is trustworthy, so they rate it higher than non-protected content.

What’s the Connection Between TLS and CDN?

A CDN, or content delivery network, helps improve your website’s performance by handling the delivery of your content from its own servers rather than your website’s server. When a CDN uses TLS, it ensures that your content is encrypted as it travels from your server to the CDN and from the CDN to your users.

With TLS offloading, your server only needs to encrypt the content for each CDN node, not for every individual user. This reduces the workload on your server.

Here’s a simple breakdown of how it works:

  1. Your server encrypts the content once and sends it to the CDN.
  2. The CDN caches this encrypted content.
  3. When a user requests the content, the CDN serves it directly to them, handling all encryption and reducing the need to repeatedly contact your server.

Without a CDN, your server would have to encrypt and send content to each user individually, which can slow things down. With a CDN, your server encrypts the content once for the CDN. The CDN then takes over, encrypting and serving the content to all users, speeding up the process and reducing the load on your server.

Visual illustration of how TLS offloading on CDNs works
Figure 1: Comparison of how content is served with TLS on the web server (left) vs on CDN (right)

Benefits of “Offloading” TLS to a CDN

Offloading TLS to a CDN benefits your infrastructure through increased performance, better caching, and simplified TLS management.

Increased Performance

When establishing a TLS connection, the client and server must exchange information to negotiate a session key. This exchange involves four messages being sent over the network, as shown in Figure 2. The higher the latency between the two participants, the longer it takes to establish the connection. CDN nodes are typically closer to the client, resulting in lower latency and faster connection establishment.

As mentioned above, CDN nodes handle all the encryption tasks. This frees up your server’s resources for other tasks and allows you to simplify its code base.

The four stages of a TLS handshake
Figure 2: TLS handshake

Improved Caching

If your data is encrypted, the CDN can’t cache it. A single file will look different to the CDN nodes for every new TLS connection, eliminating the CDN benefits (Figure 3). If the CDN holds the certificates, it can negotiate encryption with the clients and collect the files from your server in plaintext. This allows the CDN to cache the content efficiently and serve it faster to users.

A diagram comparing TLS and CDN caching processes showing how CDN improves caching
Figure 3: TLS and CDN caching compared
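
The caching argument above can be reproduced in a few lines. This is an added example, not Gcore code: `session_encrypt` is a stand-in keystream cipher rather than real TLS, and the cache keyed by a hash of the visible bytes, the class and function names, and the sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def session_encrypt(session_key: bytes, data: bytes) -> bytes:
    """Stand-in for a TLS record cipher (NOT real TLS): XOR with an
    HMAC-SHA256 counter-mode keystream. Applying it twice decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(session_key, counter.to_bytes(8, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))

class EdgeCache:
    """Hypothetical CDN node cache, keyed by the bytes the node can see."""
    def __init__(self):
        self.store = {}
        self.hits = 0
        self.misses = 0

    def observe(self, visible_bytes: bytes) -> None:
        key = hashlib.sha256(visible_bytes).hexdigest()
        if key in self.store:
            self.hits += 1
        else:
            self.misses += 1
            self.store[key] = visible_bytes

def simulate(terminate_tls_at_cdn: bool, requests: int = 5):
    """Send the same file over `requests` connections; return (hits, misses)."""
    file_body = b"<html>constructed sample page</html>" * 10
    cache = EdgeCache()
    for _ in range(requests):
        session_key = os.urandom(32)  # every TLS connection gets a fresh key
        on_the_wire = session_encrypt(session_key, file_body)
        if terminate_tls_at_cdn:
            # The node holds the certificate, so it shares the session key
            # and recovers the identical plaintext on every connection.
            visible = session_encrypt(session_key, on_the_wire)
        else:
            # Pass-through: the node only sees ciphertext it cannot decrypt.
            visible = on_the_wire
        cache.observe(visible)
    return cache.hits, cache.misses
```

With pass-through, every request is a miss because the ciphertext differs per connection; with TLS terminated at the node, only the first request misses.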

Simplified TLS Management

The CDN takes care of maintenance tasks such as certificate issuing, rotation, and auto-renewal. With the CDN managing TLS, your server’s code base can be simplified, and you no longer need to worry about potential TLS updates in the future.

TLS Encryption with Gcore CDN

With the Gcore CDN we don’t just take care of your TLS encryption, but also file compression and DNS lookups. This way, you can unburden your servers from non-functional requirements, which leads to smaller, easier-to-maintain code bases, lower CPU, memory, and traffic impact, and a lower workload for the teams managing those servers.

Gcore CDN offers two TLS offloading options:

  1. Free Let’s Encrypt certificates with automatic validation, an effective and efficient choice for simple security needs
  2. Paid custom certificates, ideal if your TLS setup has more complex requirements

How to Enable HTTPS with a Free Let’s Encrypt Certificate

Setting up HTTPS for your website is quick, easy, and free. First, make sure you have a Gcore CDN resource for your website. If you haven’t created one yet, you can do so in the Gcore Customer Portal by clicking Create CDN resource in the top-right of the window (Figure 4) and following the setup wizard. You’ll be asked to update your DNS records so they point to the Gcore CDN, allowing Gcore to issue the certificates later.

Gcore Customer Portal showing how to create a CDN resource
Figure 4: Create CDN resource

Next, open the resource settings by selecting your CDN resource from the list in the center (Figure 5).

Gcore Customer Portal showing how to select a CDN resource
Figure 5: Select the CDN resource

Enable HTTPS in the resource settings, as shown in Figure 6:

  • Select SSL in the left navigation
  • Click the Enable HTTPS checkbox
  • Click Get SSL certificate

Gcore Customer Portal showing how to get an SSL certificate
Figure 6: Get an SSL certificate

Your certificate will usually be issued within 30 minutes.
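
Once the certificate has been issued, it is worth confirming what the CDN actually serves for your hostname. The following check is an added example, not part of the Gcore documentation: the function names, the 14-day threshold, and the hostname `cdn.example.com` are assumptions, and `SAMPLE_CERT` is a constructed certificate in the shape Python's `getpeercert()` returns.

```python
import socket
import ssl

def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0):
    """Connect with normal verification; return (cert dict, TLS version)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version()

def _matches(pattern: str, host: str) -> bool:
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_cert(cert: dict, host: str, now: float, min_days: int = 14,
               expected_issuer: str = "Let's Encrypt"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_matches(p, host) for p in sans):
        findings.append(f"hostname {host} not covered by SANs {sans}")
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    org = issuer.get("organizationName", "")
    if expected_issuer not in org:
        findings.append(f"unexpected issuer: {org!r}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < min_days:
        findings.append(f"expires in {days_left:.0f} days, auto-renewal may have stalled")
    return findings

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "cdn.example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "cdn.example.com"),),
}
```

Against a live resource, pass the result of `fetch_peer_cert("your-hostname")[0]` together with `time.time()` to `check_cert`; a failed handshake in `fetch_peer_cert` itself means the certificate is not yet trusted for that name.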

Our Commitment to Online Security

At Gcore, we’re committed to making the internet secure for everyone. As part of this mission, we offer free CDN and free TLS certificates. Take advantage and protect your resources efficiently for free!
