TLS 1.3 and OCSP Stapling - Two Ways to Make HTTPS Sites Faster

For the last few years, the move towards encrypted browsing through HTTPS has been one of the most important developments on the Internet. With free SSL certificates from Let’s Encrypt and Google openly promoting the HTTPS protocol over the more widespread, but insecure, HTTP, more and more sites have started to use SSL certificates.

We, at SiteGround, are very excited to announce that two recent developments in this area, TLS 1.3 and OCSP Stapling, which will make HTTPS sites faster, are already available on all our servers. Read below to learn how people using SSL will benefit from these innovations.

What is TLS 1.3?

The Transport Layer Security (TLS) protocol is the successor to the Secure Sockets Layer (SSL) protocol and is used by all sites that have an SSL certificate. (Actually, a more correct name for these certificates would be TLS certificates, but SSL turned out to be such a popular abbreviation that it stayed, even after the original SSL encryption protocol was no longer used.) The TLS protocol provides secure communication between browsers and servers. The connection itself is encrypted with a shared secret that the two sides establish during the TLS handshake at the beginning of each session.

The TLS protocol has gone far too long without a significant update, which is why version 1.3 is very welcome news industry-wide. There are two main parts of that update that will improve the web as a whole:

A faster handshake

Performance is important, and with the growing percentage of encrypted sites, web encryption has to be as fast as possible. TLS 1.3 introduces improvements in the handshake, the initial exchange that sets up a secure connection between a website and a browser. These improvements increase the speed of establishing encrypted connections.

Better security

TLS 1.3 removes obsolete and vulnerable features from TLS 1.2, including SHA-1, RC4, DES, 3DES, AES-CBC, MD5, and more.

How to enable and use TLS 1.3

You don’t have to do anything to use TLS 1.3, except wait for the browsers to start supporting it. All sites hosted at SiteGround are enabled with TLS 1.3, so no matter what browser is accessing your site and whether or not it uses TLS 1.3, you’ll know your site is ready. The moment major browsers release an update in which they default to TLS 1.3, it will immediately start working for your encrypted sites without any hassle at all.
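To confirm which protocol version a server actually selected, independent of how a browser's developer tools label it, the added example below (not SiteGround's code) parses a raw ServerHello record. In TLS 1.3 the legacy version field stays at 0x0303 and the selected version travels in the supported_versions extension, where pre-release drafts were encoded as 0x7f00 plus the draft number; `build_server_hello` and its sample bytes are constructed for the demonstration.

```python
import struct

SUPPORTED_VERSIONS = 0x002B  # extension 43 carries the version really selected
NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2",
         0x0304: "TLS 1.3 (final, RFC 8446)"}

def describe(version):
    if version in NAMES:
        return NAMES[version]
    if version >> 8 == 0x7F:  # pre-RFC drafts were numbered 0x7f00 | draft
        return f"TLS 1.3 draft-{version & 0xFF}"
    return f"unknown (0x{version:04x})"

def negotiated_version(record):
    """Return the protocol version selected in a raw ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    legacy_version = int.from_bytes(hello[0:2], "big")
    pos = 2 + 32                 # skip legacy_version and random
    pos += 1 + hello[pos]        # skip session_id
    pos += 2 + 1                 # skip cipher_suite and compression_method
    if pos > len(hello):
        raise ValueError("truncated ServerHello")
    if pos + 2 > len(hello):     # no extensions: a TLS 1.2-or-older answer
        return describe(legacy_version)
    ext_end = min(pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"), len(hello))
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        data = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == SUPPORTED_VERSIONS and len(data) == 2:
            return describe(int.from_bytes(data, "big"))
        pos += 4 + ext_len
    return describe(legacy_version)

def build_server_hello(legacy_version, selected=None, cipher=0x1301):
    """Constructed sample record for the demo, not a network capture."""
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
    hello += struct.pack("!HB", cipher, 0)
    if selected is not None:
        hello += struct.pack("!HHHH", 6, SUPPORTED_VERSIONS, 2, selected)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0303, len(hs)) + hs

if __name__ == "__main__":
    for sel in (0x0304, 0x7F1C, None):
        print(negotiated_version(build_server_hello(0x0303, sel)))
```

A client that only implements a draft and a server that only implements the final version share no TLS 1.3 version, so the connection settles on TLS 1.2.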

What is OCSP Stapling?

All our shared and cloud servers are now utilizing OCSP (Online Certificate Status Protocol) stapling, which helps keep user information secure while decreasing the loading time. By allowing the browser to retrieve the SSL certificate's status from the server directly instead of going to the Certificate Authority's server for each request, it improves the loading speeds for all SSL encrypted connections.

How does it make your site faster?

Each time you make a request to a page via HTTPS, the validity of the SSL certificate is checked. Certificates are issued by Certificate Authorities (CAs), and on each request the browser checks whether the certificate is still valid. With OCSP Stapling enabled, that check is handled by the server and your visitors’ browsers don't have to do it on every request.

How to use OCSP Stapling?

If you are on our shared or cloud accounts, you're already getting all the benefits of OCSP Stapling for your sites with an SSL certificate enabled. Our DevOps team has rolled out an update on all our servers, enabling the technology for everyone. All you need to do is sit back and enjoy fast and secure web performance on your sites.
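Because the server now supplies the revocation answer, it is worth checking that a response is actually stapled and has not gone stale. The added example below (not SiteGround's tooling) reads the text printed by `openssl s_client -connect HOST:443 -status`, where HOST is a placeholder; both sample outputs are constructed for the demonstration.

```python
import re
from datetime import datetime, timezone

# Constructed sample outputs, trimmed to the lines the check reads.
SAMPLE_STAPLED = """OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Oct 10 07:00:00 2018 GMT
    Next Update: Oct 17 07:00:00 2018 GMT
"""
SAMPLE_NONE = "CONNECTED(00000003)\nOCSP response: no response sent\n"

def _field(output, name):
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", output, re.MULTILINE)
    return m.group(1) if m else None

def _when(text):
    # OpenSSL prints times as e.g. "Oct 10 07:00:00 2018 GMT"
    parsed = datetime.strptime(text, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def stapling_status(output, now):
    """Classify the OCSP section of s_client output at time `now` (UTC)."""
    if re.search(r"OCSP response:\s*no response sent", output):
        return "not stapled"
    status = _field(output, "OCSP Response Status")
    cert = _field(output, "Cert Status")
    if status is None or cert is None:
        return "no OCSP data in output"
    if not status.startswith("successful"):
        return f"stapled, responder error: {status}"
    this_update = _field(output, "This Update")
    next_update = _field(output, "Next Update")
    if this_update and now < _when(this_update):
        return "stapled, not yet valid"
    if next_update and now > _when(next_update):
        return "stapled, expired"
    return f"stapled, fresh, cert status {cert}"

if __name__ == "__main__":
    now = datetime(2018, 10, 12, tzinfo=timezone.utc)
    print(stapling_status(SAMPLE_STAPLED, now))
    print(stapling_status(SAMPLE_NONE, now))
```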

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

8 Comments

  1. October 10, 2018 / 09:24 Eric (SiteGround Team)

    Great news indeed! Faster sites are always appreciated by all.

  2. October 10, 2018 / 11:19 Bill (SiteGround Team)

    Yes, thank you for staying on top of these advances to make our sites as fast and secure as possible, and for keeping us informed.

  3. October 11, 2018 / 14:18 Jukka (SiteGround Team)

    Thanks!

  4. October 12, 2018 / 05:27 JohnRichardTLH (SiteGround Team)

    Great update!

    However, as of 11/12/18, we're still seeing TLS 1.2 on our https websites hosted at SiteGround, and even SiteGround's home page (https://SiteGround.com).

    I've confirmed my Computer & Browser is TLS 1.3 capable.
    Running Windows 10/1803;

    To Test:
    In Google Chrome, go to https://istlsfastyet.com, F12, Security Tab, shows TLS 1.3
    In our websites & SiteGround.com, same steps reveal TLS 1.2

    Can you confirm that TLS 1.3 is enabled on all SiteGround Sites, or are you rolling it out? Is there anything we need to do in our Site Settings?

    Thanks

    • October 12, 2018 / 05:48 Hristo Pandjarov (SiteGround Team)

      SiteGround.com is hosted on a server infrastructure different than our shared packages, it's updated through a completely different deployment workflow and has a highly customized setup in order to accommodate all our needs.

      This said, TLS 1.3 Final is enabled on all our accounts. As I've mentioned in the blog post, what Google Chrome calls TLS 1.3 is not the final version and you might get false checks. Here's an accurate test of my personal site hosted on a regular SiteGround account. There's nothing you need to do, but to wait for browsers to catch up and start supporting it natively 🙂

      https://dev.ssllabs.com/ssltest/analyze.html?d=pandjarov.com&hideResults=on

  5. October 25, 2018 / 08:26 Eric McGrane (SiteGround Team)

    SiteGround, leading the way as usual. Thanks for everything.

  6. October 30, 2018 / 16:51 Jackstin (SiteGround Team)

    Hey Hristo - This is awesome news.

    Unfortunately with the latest version of Chrome 70

    We are getting this error:
    ERR_SSL_VERSION_INTERFERENCE

    We have a support ticket in with the help desk and we can't seem to find a tech support agent to help mitigate this issue. Would you mind poking your head into support ticket #2892753 and seeing if you could shine some light on the matter?

    • October 31, 2018 / 02:24 Hristo Pandjarov (SiteGround Team)

      The problems are caused by a custom setting of your cloud server that you requested a year and a half ago. We've removed the support for TLS 1.0 since then. Please check your ticket; it will be updated shortly with details on the subject. Generally, there's no issue with the TLS 1.3 implementation, but an old configuration that blocked it from working properly 🙂
