Category: Tech Insight

New Content Delivery Network (CDN)

May’s been a busy month here at MIDAS HQ!

Not only have we migrated Certificate Authorities, we’ve also been testing a new Content Delivery Network (CDN) feature in MIDAS.

What does a CDN do?

To explain what a CDN does, imagine viewing a photograph online. That image will be stored on a web server somewhere. Say you’re in the UK and the server where the image resides is located in Australia. It will take your browser longer to establish a connection and retrieve the image from the other side of the world than if the server was located in the same country as you. Now, we may only be talking of a few fractions of a second longer, but if you’re viewing a web page containing several photographs, that can soon add up!

A Content Delivery Network vastly improves performance. It achieves this by storing (or “caching”) a copy of the original photograph on multiple servers all around the world. Then, when a viewer requests the photograph, the CDN serves a cached copy from whichever server is geographically closest to the viewer. This greatly improves the load time for the viewer. It also reduces the load on the original server, as the photograph is served from the CDN “cache” instead.

As a CDN “caches” a source file/web page, it is only suitable for “static” content which doesn’t change frequently (for example, images, JavaScript, Cascading Style Sheets, downloads, etc.). “Dynamic” content – content which changes frequently/upon each visit – must still be served directly from the origin server, rather than via the CDN.

CDN Support in MIDAS

In MIDAS v4.18 we unofficially introduced support for serving static resources from a CDN (Cloudflare). This has been automatically enabled for all MIDAS trials and for all new cloud-hosted customers since the start of April. Since then, we’ve been closely monitoring its impact and effectiveness.

Cloudflare Content Delivery Network (CDN)

As our CDN trials proved effective and exceeded our expectations, throughout May we’ve been engaged in a phased roll-out of the CDN for remaining cloud-hosted customers. We’re pleased to announce that all cloud-hosted MIDAS systems now have CDN support enabled.

We’re currently seeing nearly 90% of all requests for static resources being served directly from Cloudflare’s global CDN network. This has led to performance improvements and a reduction in load times for customers’ hosted MIDAS systems of between 13% and 67%!

We’re sure you’ll appreciate these performance improvements. They’re part of our ongoing commitment to provide the best possible service for our customers! …and we’ve more improvements and enhancements in the pipeline too!


Let's Encrypt

Throughout May we’ve been migrating our domain’s security certificates. We’ve transitioned from certificates issued by GlobalSign to ones issued by Let’s Encrypt instead.

What Is A Security Certificate?

In essence, a security certificate is what allows you to connect to a website over a secure https connection (instead of traditional, insecure, http). A valid and strong security certificate is what ensures that the connection and traffic between your web browser and the website/service you’re using is encrypted.

What Is A Certificate Authority?

Put simply, a “Certificate Authority” (or CA for short) is an organization responsible for issuing and revoking security certificates. Popular CAs include Comodo, Symantec, GoDaddy, and GlobalSign, to name but a few.

Which Domains Are Affected?

All mid.as domains and *.mid.as subdomains (including our cloud-hosted customers’ domains).

Why Is This Happening?

Our security certificates were due for renewal in June. As part of our continuous commitment to provide visitors to our site and customers alike with the best possible experience, we took the opportunity to review who provides our security certificates. Let’s Encrypt provide HTTPS certificates to over 70 million domains. Switching to certificates issued by Let’s Encrypt allows us to simplify and automate the management of security certificates across our expanding MIDAS network.

Will I Notice Anything Different?

In short, no!

In order to migrate our CA from GlobalSign to Let’s Encrypt, we needed to remove the previous GlobalSign (AlphaSSL) certificate from each *.mid.as domain and install a new Let’s Encrypt certificate in its place. We have been doing this in a phased transition for all *.mid.as domains during the course of May. We’re pleased to report that this transition to Let’s Encrypt is now fully completed.

Here’s how the old and new certificate issuers now look for our *.mid.as domains:

Migrating to Let’s Encrypt

We’d also like to reassure hosted customers that no domains, URLs, or IP addresses have changed as a result of this CA migration.

If you experience any issues or have any concerns, please don’t hesitate to reach out to us and we’ll be happy to help!

A note for cloud-hosted API users

Whilst unlikely, you may initially receive a certificate warning/error when making API calls. This will depend upon your code and development platform/language. Now that the security certificate for your dedicated *.mid.as subdomain has changed, it may temporarily prevent your code/app from working until you accept the new security certificate.

Also, in some rare cases, you may not be able to access the API if your platform/device is listed as incompatible in Let’s Encrypt’s certificate compatibility list.

Finally, please be aware that Let’s Encrypt issues auto-renewing certificates which are valid for fixed periods of 90 days.


As part of our ongoing commitment to the services we provide to our “cloud hosted” customers, we’ll shortly be upgrading our client servers to support HTTP/2.

HTTP/2 is the first major new version of the HyperText Transfer Protocol (HTTP) for two decades. It will eventually replace the previous HTTP/1.1 protocol which was standardized way back in 1997.

The primary goal of HTTP/2 is to overcome many of the shortcomings of the twenty-year old HTTP/1.1 protocol, particularly in relation to how content is delivered over the internet.

HTTP/2 focuses on optimizing the communication and flow of content between web servers and web browsers. When a user connects to a web site, their browser negotiates an HTTP session with the server. The type of session created will vary depending on the features supported by the browser and the server. If both ends support the latest HTTP/2 protocol, the server uses the HTTP/2 protocol to shape and optimize traffic before it passes through the network back to the browser.

Once the browser and server agree to use HTTP/2, they can utilize additional features such as compression and multiplexing to optimize the connection. If either the web server or the user’s web browser doesn’t support HTTP/2, the connection will fall back to the HTTP/1.1 protocol.

Benefits of HTTP/2

One of the main improvements over HTTP/1.1 is that HTTP/2 supports multiplexing. Previously, only one resource could be fetched from the server over a connection at a time. With HTTP/2, multiple resources can be fetched concurrently over a single connection.

Another benefit is header optimization. Every request over HTTP contains header information. With HTTP/1.1, many of these headers are repeated over a single session. HTTP/2 removes redundant headers while compressing the remaining headers, leading to performance improvements.

Benefits to cloud-hosted MIDAS users

In terms of MIDAS, the benefit of our client servers supporting HTTP/2 is that users will see notable improvements in page load speed and responsiveness when using MIDAS.

In our pre-testing, we saw page load times via HTTP/2 improve by some 20% over the same pages loaded via HTTP/1.1.

When will the upgrade happen?

We’ll be upgrading our client servers to support HTTP/2 over the coming weekend (15/16th July 2017). Other than a quick server restart, no additional downtime is expected. For more information, check our dedicated Service Status site (which already supports HTTP/2!), and follow us on Twitter for updates.

Will I need to do anything?

No action is required on your part!

If you’re running a modern operating system and web browser, you won’t need to do anything. Your browser will already support HTTP/2, and you’ll still access MIDAS in exactly the same way. Once our servers are HTTP/2 enabled over the weekend, your browser will adjust accordingly.

If you’re not running an HTTP/2 compliant browser/operating system, don’t worry: you’ll still be able to connect to your hosted MIDAS system over HTTP/1.1 as before. For an improved MIDAS experience though, you may like to consider upgrading your operating system & browser to one that supports HTTP/2.

  • Current versions of Edge, Chrome, and Firefox browsers fully support HTTP/2.
  • Current versions of Safari support HTTP/2 on OSX 10.11+
  • Internet Explorer 11+ supports HTTP/2 on Windows 10 only

UPDATE: Our network is now fully HTTP/2 enabled, and we’re seeing some great performance improvements too!


Disabling TLS 1.0 in early 2017

TLS stands for “Transport Layer Security” and is a cryptographic mechanism used to facilitate secure connections and communications over the internet. Several incarnations of the TLS protocol have been developed over the years (1.0, 1.1, and 1.2), with 1.0 being the oldest and now approaching the ripe old age of 18!

TLS 1.0 is now considered a “legacy protocol” and “weak” by today’s cryptographic standards, as it is susceptible to several vulnerabilities. Modern web browsers automatically default to preferring TLS 1.2 or TLS 1.1 over legacy TLS 1.0 connections; however, some older browsers do not support the more modern and secure TLS 1.1/1.2 protocols.

As part of our ongoing commitment to security, in early 2017 we intend to drop support for legacy TLS 1.0 connections to our client servers. The vast majority of users will be unaffected by this change, but if you’re using an older web browser/operating system, you may need to update.

The minimum browser requirements for MIDAS v4.14 (and later) have also been updated accordingly.

The following table of web browsers provides additional guidance as to any action you may need to take to ensure you can continue to access our site/your hosted MIDAS system in 2017:

| Browser | Version | Comments |
| --- | --- | --- |
| Microsoft Internet Explorer | 11 | OK (If you see the “Stronger security is required” error message, you may need to turn off the “Use TLS 1.0” setting via Internet Options → Advanced) |
| Microsoft Internet Explorer | 9-10 | OK (When running Windows 7 or newer, however you’ll need to enable TLS 1.1 and TLS 1.2 in Internet Explorer by selecting the “Use TLS 1.1” and “Use TLS 1.2” boxes via Internet Options → Advanced) |
| Microsoft Internet Explorer | 9-10 | Upgrade Required (Windows Vista, XP and earlier are incompatible and cannot be configured to support TLS 1.1 or TLS 1.2 – Please update your operating system) |
| Microsoft Internet Explorer | 8 (or lower) | Please update to a more recent version of Internet Explorer |
| Microsoft Edge | All Versions | OK – No action required |
| Mozilla Firefox | 27+ | OK – No action required |
| Mozilla Firefox | 23-26 | OK (Use about:config to enable TLS 1.1 or TLS 1.2 by updating the security.tls.version.max config value to 2 for TLS 1.1 or 3 for TLS 1.2) |
| Mozilla Firefox | 22 (or lower) | Please update to a more recent version of Firefox |
| Google Chrome (Desktop) | 38+ | OK – No action required |
| Google Chrome (Desktop) | 22-37 | OK – No action required (Provided you’re running Windows XP SP3, Vista, or newer, OS X 10.6 (Snow Leopard) or newer) |
| Google Chrome (Desktop) | 21 (or lower) | Please update to a more recent version of Chrome |
| Google Chrome (Mobile) | Android 5.0+ (Lollipop) | OK – No action required |
| Google Chrome (Mobile) | Android 4.4.x (KitKat) | Device Dependent (Some Android 4.4.x devices may not support TLS 1.1 or higher. Please refer to your device manufacturer if unsure) |
| Google Chrome (Mobile) | Android 4.3 (Jelly Bean) (or lower) | Please update to a more recent version of Android |
| Apple Safari (Desktop) | 7+ | OK – No action required |
| Apple Safari (Desktop) | 6 (or lower) | Please update to a more recent version of Safari |
| Apple Safari (iOS) | iOS 5+ | OK – No action required |
| Apple Safari (iOS) | iOS 4 (or lower) | Please update to a more recent version of iOS |

Important Information For Hosted API users:

If you’re a cloud-hosted MIDAS customer utilizing the optional MIDAS API, please ensure that your applications and the underlying programming language you develop in can support (and are correctly configured for) TLS 1.1/1.2 connections. For instance, Java 6 (1.6) (and lower) and .NET 3.5 (and lower) don’t support TLS 1.1/1.2.
If your applications/programming languages do not support at least TLS 1.1, your MIDAS API calls will begin to fail in early 2017 once we disable TLS 1.0.
Please refer to the vendor of your programming language if you’re unsure whether it supports TLS 1.1/1.2, or for assistance enabling such support in your development environment.
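
A preflight check an API client could run around the two changes described on this page (the CA migration and the TLS 1.0 switch-off), keeping certificate verification on throughout. This is an added example, not MIDAS code; the function names, the 14-day threshold and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def make_client_context():
    """Client context that verifies the server and refuses TLS 1.0/1.1."""
    ctx = ssl.create_default_context()  # system trust store, hostname checking on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def summarize_cert(cert, now=None):
    """Summarise a dict shaped like the result of SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {"issuer_org": issuer.get("organizationName"),
            "days_left": (expires - now).days}


def findings(info, expected_org, min_days=14):
    """Return human-readable warnings; an empty list means nothing to report."""
    out = []
    if info["issuer_org"] != expected_org:
        out.append(f"issuer is {info['issuer_org']!r}, expected {expected_org!r}")
    if info["days_left"] < min_days:
        out.append(f"certificate expires in {info['days_left']} days; renewal may have failed")
    return out


def preflight(host, expected_org, port=443, timeout=10):
    """Connect with full verification; raises ssl.SSLError if TLS 1.2 or the chain fails."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with make_client_context().wrap_socket(raw, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert())
            info["protocol"] = tls.version()
            return info, findings(info, expected_org)


# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Constructed Intermediate CA"),)),
    "notAfter": "Aug 29 12:00:00 2017 GMT",
}
```

An issuer mismatch reported by `findings` is a monitoring signal for the operator, not a replacement for chain validation, which the verifying context already performs.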

UPDATE: 1st April 2017

In advance of dropping TLS 1.0 support across our entire network this year, we’ve initially dropped TLS 1.0 support on our dedicated Service Status site. If you’re not sure whether or not you’ll still be able to access your hosted MIDAS system once TLS 1.0 support is dropped in the near future, please visit https://midas.network. If you’re able to visit this site without issue, then you’ll still be able to access MIDAS going forward.

UPDATE: 1st July 2017

As of today, our servers no longer accept TLS 1.0 connections. If you’re unable to access our site/a hosted MIDAS system, please upgrade your web browser.