The Congree Standard and HTTPS
By default, the Congree standard specifies that all communication is done via HTTP. The advantages of this solution are explained below.
Tip:
If you want to use HTTPS instead, you must define this in your Congree configuration during installation.
Security
Content is encrypted at the application level. This type of encryption is more secure than SSL/TLS-based encryption. Even if the traffic is fully intercepted en route, the data cannot be decrypted.
This implementation therefore not only satisfies the need for encryption but also ensures the consistency of the data: if an attempt is made to manipulate content, the communication is interrupted immediately. With encryption based solely on SSL/TLS, a manipulation attempt would not be readily noticeable without other measures at the application level.
Performance
HTTP offers a performance advantage over HTTPS, as the communication overhead is lower. Moreover, the connection does not need to be established at the outset. Especially in corporate networks, the initial establishment of connections via HTTPS is often much slower than via HTTP.
Another performance advantage is that HTTP communication supports mechanisms such as load balancing and fail-over.
Transport encryption with SSL/TLS involves fixed end points. HTTP supports routing at the application level, which would be much more complicated with SSL/TLS.
Lower Total Cost of Ownership
HTTP communication does not involve any administration overhead for SSL certificates. No root certificates need to be managed on either the server side or the client side. In this way, the total cost of ownership can be kept relatively low.