Should I Secure My Website with a Secure Socket Layer?
Secure Sockets Layer (SSL) was the most widely deployed cryptographic protocol to provide security over internet communications before it was preceded by TLS (Transport Layer Security) in 1999. Despite the deprecation of the SSL protocol and the adoption of TLS in its place, most people still refer to this type of technology as ‘SSL’.
SSL provides a secure channel between two machines or devices operating over the internet or an internal network. One common example is when SSL is used to secure communication between a web browser and a web server. This turns a website’s address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.
How Do I Know a Website is Secure with SSL?
Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. In the case of a browser, you can tell if a site is using SSL when a padlock is displayed or the address bar shows the URL as HTTPS instead of HTTP.
Here is an example of a website secured with SSL in Chrome 56 versus a website that is insecure.
Why Do I Need SSL?
With so much of our day to day transactions and communications happening online, there is very little reason for not using SSL. SSL supports the following information security principles:
Encryption: protect data transmissions (e.g. browser to server, server to server, application to server, etc.)
Authentication: ensure the server you’re connected to is actually the correct server.
Data integrity: ensure that the data that is requested or submitted is what is actually delivered.