HTTPS/SSL
Overview
Out of the box, every Deployment on Epycbyte is served over an HTTPS connection. This ensures that web content is always served over a secure connection, which helps protect users' data and privacy.
Table of Contents
- Supported TLS Versions
- TLS Resumption
- OCSP Stapling
- Supported Ciphers
- Support for HSTS
- How Certificates Are Handled
1. Supported TLS Versions
Epycbyte supports TLS version 1.2 and TLS version 1.3.
2. TLS Resumption
Epycbyte supports both Session Identifiers and Session Tickets as methods for resuming a TLS connection. This can significantly improve Time To First Byte (TTFB) for returning visitors.
3. OCSP Stapling
To ensure clients can validate TLS certificates as quickly as possible, we staple an OCSP response, allowing them to skip the certificate verification process for known good certificates. This improves performance and reduces latency.
4. Supported Ciphers
The following ciphers are supported:
- AES GCM
- ChaCha20
- X25519
5. Support for HSTS
Epycbyte supports HTTP Strict Transport Security (HSTS) by default, which ensures that browsers will always use HTTPS for the given domain even if the cache is cleared.
6. How Certificates Are Handled
- Pre-generated certificates: When custom certificates are generated using epycbyte certs issue, their keys are placed in our database and encrypted at rest within the Network layer.
- Certificate rotation: Both the certificate and key are cached in memory for optimal SSL termination performance.
Full Specification
For detailed information on encryption mechanisms, refer to SSL Labs. When the test asks you to choose, select any IP address (it does not matter which one you pick; the results are the same for all).
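A local spot check of the properties listed on this page (TLS 1.2 and 1.3, the AES GCM and ChaCha20 cipher families, HSTS), as an added example that is not Epycbyte's own code. The hostname `my-deployment.example` is a placeholder and the function names are chosen for this example.

```python
import http.client
import ssl

# Cipher families from the "Supported Ciphers" list, as they appear in OpenSSL names.
# X25519 is a key-exchange group, not part of the cipher name, so it is not checked.
PAGE_CIPHER_FAMILIES = ("GCM", "CHACHA20")

def pinned_context(version: ssl.TLSVersion) -> ssl.SSLContext:
    """Certificate-verifying client context that negotiates exactly one TLS version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def cipher_in_page_list(cipher_name: str) -> bool:
    return any(family in cipher_name.upper() for family in PAGE_CIPHER_FAMILIES)

def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security header value into its directives."""
    out = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            out["max_age"] = int(arg)
        elif name == "includesubdomains":
            out["include_subdomains"] = True
    return out

def probe(host: str, version: ssl.TLSVersion, timeout: float = 5.0) -> dict:
    """Handshake at one pinned version, then read the HSTS header on that connection."""
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout,
                                       context=pinned_context(version))
    try:
        conn.connect()
        cipher, protocol, _bits = conn.sock.cipher()
        conn.request("HEAD", "/")
        hsts = conn.getresponse().getheader("Strict-Transport-Security")
    except (ssl.SSLError, OSError) as exc:
        return {"version": version.name, "accepted": False, "error": str(exc)}
    finally:
        conn.close()
    return {"version": version.name, "accepted": True, "protocol": protocol,
            "cipher": cipher, "cipher_in_page_list": cipher_in_page_list(cipher),
            "hsts": parse_hsts(hsts) if hsts else None}

if __name__ == "__main__":
    for v in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        print(probe("my-deployment.example", v))  # placeholder hostname
```

A result with `accepted` set to `False` for either pinned version, or with `hsts` set to `None`, would disagree with the settings described on this page.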
Last Updated
Last updated on July 17, 2024.