What Is SSL and When Should You Use It?
SSL (Secure Sockets Layer) is the predecessor of TLS (Transport Layer Security); both are cryptographic protocols used for communications security in a computer network. SSL is used in web browsing, faxing, email, and VoIP, and by large business and community websites such as YouTube, Twitter, Facebook, Google, and Yahoo.
How SSL works
- The user opens a website in a browser, which connects to a server secured with SSL. In this case, the user can see that the address of the website starts with https://; otherwise it starts with http://.
- The browser requests identification data from the server.
- The server approves the request by sending a copy of its SSL Certificate.
- The browser verifies the certificate.
- If the certificate is unexpired and valid, the browser sends back a symmetric session key.
- The server receives the key.
- The server sends back an acknowledgment in order to start the secure session with the browser.
- The server and the browser now communicate in a secure environment.
The SSL Certificate contains information such as the domain name, the name of the company that owns it, the public key, the dates when it was issued and when it expires, and who issued it.
Where SSL is used
If a website collects private data such as credit card information, passwords, phone numbers, health records, and street addresses, then that website needs to have SSL enabled.
Usually, websites such as online shops, bank software and service providers use SSL to encrypt the information needed to make a payment or other financial transactions.
There is also software that uses SSL, such as Yahoo Messenger, Trillian, and Skype, which offer login forms and the possibility to buy extra content, and also Steam, League of Legends, and Smite, which are used to buy games or additional content for games.
How to verify if a website has SSL
You can easily verify whether a website has SSL by checking in your browser for a green lock near the website's address. There are websites that don't show the green lock everywhere, but they use SSL when you log in or perform other private operations. In this case, you will see the green lock only on those specific pages and not on every page of the website.
Types of attacks against SSL
There are multiple types of attacks against SSL, including:
- BEAST attack
- CRIME attack
- BREACH attack
- Version rollback attack
- Timing attack
- Renegotiation attack
- POODLE attack
- Truncation attack
- RC4 attack
- BERserk attack
- Downgrade attack
- Bar Mitzvah attack
- FREAK attack
- Stripping attack
How to enable SSL in your browser
You can enable SSL in your Chrome browser by going to the menu icon on the toolbar, selecting Settings, clicking Show advanced settings and Content Settings, and, in the Privacy section, enabling SSL in the HTTPS/SSL section, making sure that the "Check for server certificate revocation" check box is selected.
On Firefox, you can see SSL Certificates under Options, in the Advanced tab, by pressing the View Certificates button in the Certificates section. They are filtered by author type as follows: your own certificates, people, servers, authorities and others.
SSL Certificates – Where to Get One?
Comodo offers EV SSL Certificates for $99 for a year and Wildcard SSL Certificates beginning from $404.95 with the following features: fast issuance and validation, a free TrustLogo that boosts conversions, a 30-day money back guarantee, support, unlimited server licenses, 2048 signature and 256-bit encryption, and point-to-verify technology.
Symantec has EV SSL Certificates from $995 and Pro EV SSL Certificates from $1499, as well as other SSL Certificates, with features such as credentials used to establish an online identity, data encryption, and extended protection.
GoDaddy offers 24/7 support, security experts, the strongest encryption available, automatic setup for a GoDaddy-hosted account and a security seal, with SSL Certificates that cost from $63 a year and $70 when you renew. All plans include SHA-2 and 2048-bit encryption, unlimited free reissues, a Google search ranking boost and so on.
DigiCert SSL Certificates cost from $175 to $595 a year and have features such as 2048-bit, 128-bit, and 256-bit encryption, SSL v3 and TLS compatibility, browser and mobile device compatibility, a secure seal, an unlimited server license, strong authentication, and support.
NameCheap has certificates that cost $87 a year and include a site seal, browser ubiquity, encryption level, and top-tier support.
There are also online shops and local web hosting companies that sell SSL Certificates from Comodo, Certum, RapidSSL, Thawte, GeoTrust and so on.
Types of SSL Certificates
- Extended Validation (EV) is used for high security in browsers such as Microsoft Internet Explorer 7+, Opera 9.5+, Firefox 3+, and Google Chrome.
- Organization Validation is used for company websites showing different information about the company.
- Domain Validation shares the same browser recognition with the Organization Validation but has the advantage of being issued almost immediately.
- Shared Certificates are provided free on all shared and reseller web hosting.
- Wildcard Certificates enable SSL encryption on unlimited subdomains using a single certificate.
- Multi-Domain Certificates make it possible to secure up to 210 domains with a single certificate.
- Other certificates are Single-name SSL Certificates, Server Authentication Certificates, Unified Communications (UC) Certificates, Low assurance certificates, Code signing Certificates, Email Certificates, and Root signing Certificates and so on.
So SSL is used nowadays to secure online credit card transactions, system logins, webmail and applications, workflow and virtualization applications, connections between an email client and email server or other similar software communicating over the Internet, file transfer over HTTPS and FTP, hosting control panel logins and activity, intranet-based traffic, network logins and so on.
In the end, I recommend that you always use SSL, because you really need to keep your customers' data secure and private, especially when they log in, change data or use banking information on your website.