Balancing Performance and Security of SSL/TLS Deployments

On 11th December 2014 at The Financial Times as part of Balancing Performance and Security of SSL/TLS Deployments

With the surveillance revelations of 2013 and an general push towards using more secure means of communication (such as through protocols like SPDY and HTTP/2.0) an understanding of HTTPS (and the underlying SSL/TLS protocols) is becoming more and more important.

Using HTTPS means balancing two competing requirements: performance and security. Understanding large range of SSL/TLS ciphers (such as 3DES, RC4, AES-CBC, AES-GCM, ChaCha20-Poly1305) takes some understanding from both a performance and security perspective.

Throw into the mix the fact that not all clients (i.e. web browsers) support all those protocols and the fact that some of them have serious security problems and you’ve got a recipe for confusion. And that different ciphers have difference performance depending on the computer (for example, an Android phone and a desktop Mac have very different performance characteristics).

This talk will detail the following:

1. A refresher on how SSL/TLS works explaining the authentication and encryption.

2. A refresher on the various SSL/TLS ciphers used for encrypting the data stream.

3. A look at which ciphers are believed to be insecure.

4. A look at the performance characteristics of different ciphers on different browsers and hardware.

5. Concrete recommendations on how to choose the best selection of SSL/TLS ciphers for both performance and security and achieve an A+ rating on the SSLLabs test.

View session slides

Presented by

John Graham-Cumming

CTO of Cloudflare; Ever mindful of Article 133 US UCMJ


John Graham-Cumming is a British programmer and writer best known for having originated a successful petition to the British Government asking for an apology for its persecution of Alan Turing.

Graham-Cumming is the original writer of POPFile, an open-source, cross-platform e-mail filtering program. He is the author of The Geek Atlas, a travel book, and GNU Make Unleashed, a how-to technical manual for the GNU make program.

In October 2010, he started an organization whose aim is to build Charles Babbage's Analytical Engine known as Plan 28 and has also campaigned for open-source software in science. In 2014 he launched his microblog MovieCode site, the intention of which is to connect film screenshots to specific extracts of source code.


Balancing Performance and Security of SSL/TLS Deployments


11th December 2014

Skill level