Netflix expects to deliver the majority of streams encrypted by the end of 2016
Netflix expects that the majority of streaming sessions will be delivered over HTTPS by the end of this year. The company started making its network suitable for encryption last year, in order to protect the privacy of customers.
Netflix is currently adapting its client software for HTTPS streams. Ultimately, all Netflix-enabled devices capable of receiving upgrades must receive the encrypted video signal. This should be the case for the majority of the sessions by the end of this year. Netflix expresses this expectation in a white paper called Improving High-Bandwidth TLS in the FreeBSD kernel.
The video provider says it uses HTTPS encryption so that customers are protected from eavesdropping by anyone who wants to monitor their viewing habits. However, the company must adapt its infrastructure to handle the associated overhead.
Netflix eventually opted to use AES in Galois/Counter Mode (GCM) instead of Cipher Block Chaining (CBC) because the latter method would require additional computing power. The Intel CPUs of the Open Connect Appliances that Netflix uses to store and serve video content support the AES-NI instruction set to accelerate encryption.
The company was able to further optimize CPU usage and bandwidth through its own tweaks to Google's BoringSSL and Intel's Intelligent Storage Acceleration Library, along with improvements in HTTP client response and request times through optimization of sendfile calls. The latter was realized in collaboration with Nginx. Netflix's Open Connect Appliances (OCAs) are servers with Intel Xeon chips that run FreeBSD 10.2 and Nginx 1.9. In 2012, a single OCA could still deliver 8Gbit/s, but today that has increased to 90Gbit/s.