About SSL/TLS
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols that encrypt data and authenticate internet connections. The terms SSL and TLS are often used interchangeably, though in reality, TLS is simply a newer version of SSL.
The most recent SSL/TLS protocol is TLS 1.3, which has been supported in LiteSpeed products since before its official publication in August of 2018.
You can trust LiteSpeed to support all of the latest technologies in our server products, including SSL/TLS, and to act quickly when new vulnerabilities are discovered in any protocol that we support.
LiteSpeed SSL Features
LiteSpeed takes your system’s security seriously with important SSL/TLS security measures like these.
- Forward Secrecy
  Forward secrecy protects data on the network transport layer, by ensuring that past communications cannot be decrypted, even if secret keys are compromised. LiteSpeed achieves this through periodic automatic rotation of the SSL session ticket.
- SSL Renegotiation Protection
  Generating an SSL key incurs substantial overhead, and may bring down a server if executed continuously. LiteSpeed's SSL Renegotiation Protection caps the number of times a client can renegotiate SSL materials, closing this loophole.
- Downgrade Attack Prevention
  LiteSpeed supports TLS_FALLBACK_SCSV, a Signaling Cipher Suite Value (SCSV) that prevents TLS protocol downgrade attacks.
- OCSP Stapling
  OCSP (Online Certificate Status Protocol) allows the presenter of a certificate to "staple" a time-stamped OCSP response, signed by the Certificate Authority, to the initial TLS handshake. This eliminates the need for clients to contact the CA, which potentially improves both security and performance.
- Security Against Known Vulnerabilities
  When new vulnerabilities are exploited in SSL, LiteSpeed acts fast (often within hours) to ensure your sites are protected. LiteSpeed currently offers protection against these known vulnerabilities, and remains vigilant against future potential threats: