AWS bolsters CloudFront security

Amazon Web Services enhanced the SSL implementation for its content delivery network called CloudFront.

Amazon Web Services said Thursday that it has revamped the SSL approach to its CloudFront content delivery network.

SSL (Secure Sockets Layer) uses cryptography to secure communication over Web connections. CloudFront already supported secure HTTPS connections, but AWS said it is adding the following:

  • Improved performance with two features called Session Tickets and OCSP Stapling. Both features allow SSL to be used without code changes.
  • SSL Session Tickets reduce latency when a client and server exchange multiple packets of content. In a nutshell, Session Tickets enable faster negotiation over SSL by streamlining server behavior and the "handshake" process.
  • OCSP Stapling speeds up validation of an SSL certificate: the server handles the certificate status lookup itself, including the domain name resolution it involves, and attaches ("staples") the result to the SSL handshake so the client does not have to fetch it separately.
  • Private keys for each SSL session.
  • Support for the latest ciphers in SSL exchanges.

The features are already rolled out and working in the background. CloudFront customers include PBS, Sega and NASA.