SSL


SSL (Secure Socket Layer) encryption provides a secure connection between client and server. It is an Internet protocol that allows sensitive data (such as payment information, credit card data) to be encrypted and thus rendering it unreadable to third parties. In addition, a certificate confirms that the server is trustworthy. Currently, it is also called TLS (Transport Layer Security), which is synonymous.

Relevance[edit]

SSL is a common encryption method for HTTPS connections. Such connections are established when sensitive data are to be sent through the connection. This primarily includes websites where the user has a password-protected account. Without this secure connection, no online banking, e-mails, online shops or social networks would be possible, even vacation trips could not be booked online. Thus, encryption technology such as SSL has a very high importance for the modern internet company.

600x400-SSL-01.png

SSL certificate[edit]

The SSL certificate is used to authenticate the website owner. Especially in e-commerce, it is very important to encrypt the data transmission using an SSL certificate, since the SSL encryption only protects data transmission from server to client. It is important that the provider can be identified especially for transactions such as payments. This can be done using an SSL certificate. In addition, such a certificate provides trust and can convert a visitor into a customer.

Content and functions[edit]

By clicking on the "https" in the address line, each user can read the used certificate. It provides information about the certificate issuer and the owner. A creator is, for example, VeriSign, Inc. It verifies the owner and can prove them as trustworthy. The certificate thus serves as proof that the page owner actually exists and is an honest seller, banker or the like. The certificate also includes an expiration date. SSL certificates are available in 128-bit and 256-bit versions. The latter is considered safer.

Variations[edit]

Not every certificate is equivalent. There are validation steps that validate different things and thus represent different safety levels. The weakest is the domain-validated certificate. This only checks whether the domain’s email address is considered to be administrative. This validation level does not protect against attacks like phishing. Furthermore, there are, for example, certificates that validate the organization. The high level of security, as required in the case of bank connections is guaranteed by an EV-SSL (Extended Validation) certificate. If a high-quality browser is used with an https connection, the address bar is partially colored green only with this certificate. A company only gets an EV-SSL certificate after a detailed, extended, and unified verification. This ensures high-level authentication.

Legal issues[edit]

From a legal perspective, digital authentication is questionable. Digital documents are often not legally binding. A Signature Regulation has been in force Germany since 2001. Everything with regard to the SSL certificate is regulated with this Signature Regulation. The Federal Network Agency is the highest certification body. It may appoint accredited certification bodies.

Security[edit]

Nevertheless, the data transmission is secure and cannot be accessed by third parties. However, SSL cannot affect how the website operator handles the data he is entrusted with. If it is stored unsecured on a server, it is not protected against hacker attacks. Encrypted search is also based on SSL encryption. It can be used to encrypt the user’s data so that it cannot be tracked.

How it works[edit]

Different types of encryption[edit]

SSL encryption ensures a more secure connection between a server and a client. Application protocols such as HTTP, IMAP, POP3, SMTP, which are transmitted in encrypted form, are secured with it. This protects sensitive data against unwanted manipulation and access by third parties. Cryptography methods are used such as:

  • symmetric encryption (one key only)
  • asymmetric encryption (two keys)
  • hash function (canvas fingerprint).

Broadly speaking, it is checked whether the sent and received data match 100%.

Browser support[edit]

All known standard browsers support SSL encryption. No problems should arise if browsers such as Chrome, Firefox, Safari, as well as current versions of Opera and Internet Explorer are used.

Advantages and disadvantages[edit]

  • Sensitive transactions such as online banking would not be possible without encryption. Thus, SSL contributes to the convenience of people. Online shopping saves time.
  • An SSL certificate indicates a degree of trustworthiness to site visitors. The more trust you generate in your potential customers, the more likely you can retain them as your customers.
  • From a technical point of view, a big advantage is that SSL operates independently of the operating system. It (usually) does not matter what kind of browser is used and no additional software has to be installed. Therefore, anyone can establish a connection with SSL encryption without limitation.
  • The quality of the user experience is affected in that the connection takes longer than with regular pages. The server has to do a lot more computing and therefore needs more time.

Criticism[edit]

  • There have been reports in 2010 that connections that are secured by SSL are routinely intercepted by state facilities.
  • In 2011, there was talk about an SSL-GAU. An issuer of certificates was compromised and unauthorized persons obtained already valid certificates. As a result, Heise.de writes that SSL encryption is not a concept for the future.
  • The Heartbleed Bug was revealed in 2014, through which a good amount of data was illegitimately obtained. Webmasters, and online shops, and private users alike were affected. The entire extent is not known.

The issuance and falsification of certificates has been subject to criticism.

Benefits for SEO[edit]

For a long time, SSL encryption of websites was a security feature which was only used for sensitive areas such as the shopping cart or checkout, but rarely across the board. In terms of search engine optimization, there were some concerns about possible problems with duplicate content. This was possible if URLs of a domain delivered the same content with both https and http.

But in August 2014, Google officially declared the SSL encryption of websites as a ranking factor in a blog entry. Google itself has switched over its web search completely to https connections since 2011. For webmasters, the question of more security for the users is now linked with the question of optimal search engine optimization.

In the blog post mentioned above, the authors mention that SSL encryption is a relatively small ranking factor. A comparison is drawn to the far more serious factors such as website content. In addition, webmasters are given a lot of time to switch to encrypted connections.

The extent to which the SSL encryption of websites will impact the rankings in future will remain open (as of August 2014). It can, however, be assumed that especially for highly competitive keyword areas, smaller ranking factors can ultimately be decisive for a higher ranking.