Dynamic selection of security protocol
Abstract
Techniques described herein enable a client to store information indicating whether various hosts (e.g., servers, web domains) support a preferred security protocol, such as a False Start-modified TLS or SSL protocol. The client may then use this information to dynamically determine whether to use the preferred protocol when connecting to a particular host. When the client attempts a handshake to establish a secure connection with a host for the first time, the client does so using the preferred protocol. If the handshake fails, the client locally stores domain or other identifying information for the host so that the client may employ a non-preferred protocol in subsequent connection attempts. Thus, a client may avoid performance degradation caused by attempting a preferred-protocol connection with a host that does not support the preferred protocol. Stored information may include a time stamp to enable periodic checks for host capability updates.
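The behavior the abstract describes, written out as an added Python example (not code from the patent). `ProtocolSelector`, the `handshake` callable, the protocol labels and the `.example` hosts are assumptions made here, and the handshake is simulated so the block runs offline.

```python
import time

PREFERRED = "tls-false-start"  # stands for the abstract's preferred protocol
FALLBACK = "tls-standard"      # stands for the non-preferred protocol

class ProtocolSelector:
    """Per-domain record of failed preferred-protocol handshakes (hypothetical class)."""
    def __init__(self, handshake, recheck_after=7 * 24 * 3600, clock=time.time):
        self._handshake = handshake          # callable(domain, protocol) -> bool, assumed
        self._recheck_after = recheck_after  # seconds before a host is probed again
        self._clock = clock
        self.unsupported = {}                # domain -> time stamp of the failure

    def _skip_preferred(self, domain):
        failed_at = self.unsupported.get(domain)
        if failed_at is None:
            return False
        if self._clock() - failed_at >= self._recheck_after:
            del self.unsupported[domain]     # stale entry: check the host again
            return False
        return True

    def connect(self, host):
        # Returns (protocol used, list of protocols attempted).
        domain = host.lower().rstrip(".")    # one key per domain
        attempted = []
        if not self._skip_preferred(domain):
            attempted.append(PREFERRED)
            if self._handshake(domain, PREFERRED):
                return PREFERRED, attempted
            self.unsupported[domain] = self._clock()
        attempted.append(FALLBACK)
        if self._handshake(domain, FALLBACK):
            return FALLBACK, attempted
        # Both failed: host unreachable, so drop the record (this example's choice).
        self.unsupported.pop(domain, None)
        raise ConnectionError(f"no secure connection to {domain}")

def demo():
    # Constructed hosts and a fake clock so the example runs offline.
    hosts = {"legacy.example": {FALLBACK}, "modern.example": {PREFERRED, FALLBACK}}
    now = [1000.0]
    sel = ProtocolSelector(lambda d, p: p in hosts.get(d, ()), 3600, lambda: now[0])
    first = sel.connect("legacy.example")   # tries preferred, fails, falls back
    second = sel.connect("Legacy.Example")  # cached: goes straight to fallback
    now[0] += 3600                          # record expires
    hosts["legacy.example"].add(PREFERRED)  # host was upgraded meanwhile
    third = sel.connect("legacy.example")   # probes preferred again and succeeds
    return first, second, third, dict(sel.unsupported)
```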
19 Claims
1. A computer-implemented method comprising:
- attempting to establish a secure connection between a client and a server using a first security protocol;
- determining whether the secure connection was successfully established using the first security protocol;
- based on a determination that the secure connection was not successfully established using the first security protocol, storing information on the client identifying the server as not supporting the first security protocol, wherein the information is stored on the client in a database that stores one or more domains identified as not supporting the first security protocol; and
- attempting to establish the secure connection between the client and the server using a second security protocol.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A client device comprising:
- a memory;
- at least one processor; and
- a component stored in the memory and executing on the at least one processor to:
  - attempt to establish a secure connection between the client device and a server using a first security protocol that supports False Start;
  - determine whether the secure connection was successfully established using the first security protocol;
  - based on a determination that the secure connection was not successfully established using the first security protocol, store information on the client device identifying the server as not supporting False Start, wherein the information is stored on the client in a database that stores one or more domains identified as not supporting False Start; and
  - re-attempt to establish the secure connection between the client device and the server using a second security protocol that does not support False Start.
Dependent claims: 9, 10, 11, 12
13. A computer-readable medium storing instructions executable by a client device, comprising at least one instruction for:
- attempting to establish a secure connection between a client and a server using a first security protocol;
- determining whether the secure connection was successfully established using the first security protocol;
- based on a determination that the secure connection was not successfully established using the first security protocol, storing information on the client identifying the server as not supporting the first security protocol, wherein the information is stored on the client in a database that stores one or more domains identified as not supporting the first security protocol; and
- attempting to establish the secure connection between the client and the server using a second security protocol.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification