All you need to know about SSL handshake
UPDATE — JULY 24, 2018: Today Google began rolling out Chrome 68. Now, Google’s browser will display a “Not Secure” warning next to the website in the address bar if the site is not secured with HTTPS.
Website security has become an important issue these days. With the increase in the amount of data stored on websites, hackers have stepped up their efforts in every sector — from government to banking and healthcare. But it’s not just banks and clinics that should be worried — any website that accepts private data needs the encryption provided by an SSL certificate. But what is the SSL handshake — and what part does it play in website security?
What is SSL?
SSL is a digital certificate that allows a website to be accessed over HTTPS, an encrypted connection. Using a combination of public and private keys, the data is encrypted on the sending end, then decrypted on the receiving end. Thus, hackers are unable to intercept passwords or private data such as names and banking details as it moves between the visitor and the protected website.
One example of an SSL certificate that pairs with any website is GoDaddy’s SSL certificate. When you use a trusted SSL certificate for your website, a green lock appears in the visitor’s browser bar, telling them they are on a secure web page. GoDaddy’s SSLs are recognized by all major desktop and mobile browsers on the market.
When an Extended Validation certificate is used (as in banking websites), the entire business name appears in green in the visitor’s browser bar. This visual cue tells clients they’re safe.
By purchasing an SSL certificate for your website, you can make your website secure and prevent hacking of important information during the online exchange. This protects your visitors and your business, since the loss of data can lead to loss of public trust.
What is SSL handshake?
SSL handshake refers to the secure, encrypted connection that’s automatically created whenever a visitor opens an SSL-protected web page. Once the handshake is complete, anything that passes between the visitor and the protected website is scrambled by 2048-bit encryption. This level of encryption is the highest available and is virtually unbreakable by hackers.
How will the visitor know if the handshake is complete? A padlock icon and HTTPS prefix appear in the visitor’s browser bar, showing them they’re safe to submit private information without fear.
If the website has an EV (Extended Validation) SSL, the visitor’s browser bar will turn green and will display the country code.
What are the different types of SSLs?
Using SSL, you can protect a single website, multiple websites or a website and all its subdomains. The different types of SSL and the businesses for which they are best suited are as follows:
Domain Validation (DV) SSL
For blogs, as well as informational and personal websites, standard DV SSL is a perfect choice. It proves the ownership of the domain, boosts Google ranking and is 2048-bit and string SHA-2 encrypted.
Organization Validation (OV) SSL
For websites that accept emails or passwords, the ideal choice is the OV SSL. It not only proves the ownership of the domain but also validates the organization while boosting Google rank and using strong SHA-2 and 2048-bit encryption.
Extended Validation (EV) SSL
The Extended Validation SSL is the preferred choice for eCommerce, healthcare and financial services websites, where customers want maximum security and peace of mind. To get this certificate, the applicant must undergo an extensive vetting process that starts with an in-depth application.
Once installed, this certificate shows that the business is legitimate by displaying the business name in the green address bar. Like other SSLs, this certificate boosts Google rank and uses the strongest SHA-2 and 2048-bit encryption.
Unified Communications Certificate (UCC) SSL
A UCC certificate secures a primary domain name and up to 99 additional Subject Alternative Names (SANs) with a single SSL. This is useful for companies that have multiple domain names and websites or multiple hostnames within a domain name.
You can protect your primary domain (e.g. lilysbikes.com) and an unlimited number of its subdomains (e.g. shop.lilysbikes.com, blog.lilysbikes.com, help.lilysbikes.com). A Wildcard encrypts all data flowing to and from all of them.
Free vs. paid SSL certificates
In the case of free SSLs provided by companies like Let’s Encrypt, the service is fast, given that the only thing these certificates validate is your ownership of the domain name. Domain Validation SSL certificates can be generated swiftly and painlessly through a completely automated process.
The free SSL certificates need to be renewed after strict term lengths — 90 days for Let’s Encrypt. Both initial installation and updates can be time-consuming and daunting, as free SSLs offer no live customer support to help if you’ve never done it before.
A free SSL is a great option for you if you have technical skills and can make effective use of community forums if an issue occurs.
Paid SSL certificates, on the other hand, can be purchased as DV, OV, EV, UCC or Wildcard certificates. If you need help with installation or anything else, you can reach customer support through phone, chat, or email. Also with a paid SSL, you can choose the renewal length that suits your business needs and budget.
Do all websites need SSL?
The primary goal of purchasing an SSL for your website is to secure private data as it moves to and from your website, thereby avoiding the embarrassment of data loss. After all, you want your customers to trust you. But an SSL certificate will also improve search rankings by showing Google that your website is secure.
After July 2018, having an SSL means you can avoid warning signs that label your site as “Not Secure.” The alert message can certainly turn away any visitors or potential customers who do not want to take risks. This could reduce the number of people who visit your website and become customers.
To sum up
The security of your website is of utmost importance, and it will soon be mandatory for all websites to have SSL certificates. Through the SSL handshake, the connection of the server to the client browser becomes secure and any outside intervention by hackers is avoided. Hopefully, this article has explained the different types of SSL that are available to you so you can choose wisely.
Image by: Fancycrave on Unsplash