Nozak Consulting

HTTPS and SSL

Scott Emigh

If you’re looking into secure website technologies, you might have seen references to HTTPS and SSL; but what is the difference between the two?

Is HTTPS the same as SSL?  Do you need both?

In this post, we explain SSL and HTTPS in detail and talk a little about TLS, the new upgraded version of SSL.

SSL Explained

SSL is short for Secure Socket Layer, and an SSL certificate will give you a way of encrypting information while it travels online. This is particularly important as it ensures that data in transit cannot be intercepted by those with malicious intent. The quickest way to check a website is SSL encrypted is by looking in the top left-hand side of the URL address bar on your browser.

The details of the SSL certificate, such as the corporate name of the owner of the website and the issuing authority can be seen by clicking on the padlock symbol in the address bar.

Who needs SSL on their website?

If you sell products or services online, or you take personal from people, then you absolutely need an SSL certificate. Even if you don’t, having an SSL certificate helps indicate to Google that you are a serious website that cares enough about the online presence of your business to offer visitors a secure surfing experience.

Here are some examples of businesses who need SSL on their website as a minimum-security standard.

  • Those who work with or process legal or medical data
  • If you take payments or financial data online
  • If you collect personally identifiable information
  • Those who have usernames/passwords to authenticate users or enable access to secure data

Does SSL Help Google Ranking?

Yes, having an SSL certificate will positively impact your Google rating. SSL is a Google Ranking Signal, and it has been since 2014.

Where is the best place to get an SSL certificate online?

SSL certificates are usually available to buy directly from your hosting provider or web developer. You must always ensure you buy SSL certificates from trusted providers.

HTTPS Explained

HTTPS stands for HyperText Transfer Protocol Secure, but it is also referred to as HTTP Secure and HTTP over SSL. Ever since the internet came about HTTP was the protocol that was used to move data across the world. HTTP moves data in plain text, which is no longer secure because it is readily available for anyone to read, HTTPS provides a secure method, using encryption to move data over the internet.

HTTPS has been around for some time now; it first came to life in 1994 when SSL and HTTP were put together.

At present, it is thought that around 70% of websites in the US now have HTTPS enabled.

What does HTTPS actually do?

HTTPS benefits both the privacy and security elements of a website. It serves to prevent the unlawful or untrusted from accessing or reading the information that is transmitted through a website. It also prevents cyber criminals from being able to inject malicious code into a website too.

Regardless of whether it is an ISP, a Government or any other organization; you want to know that when you go online, you have some degree of privacy. So, even if there is no sensitive or personally identifiable information being transmitted, HTTPS is one way to ensure that your data remains as private as possible.

What is the difference between SSL and HTTPS?

HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) with either SSL or TLS. It provides encrypted communications and a secure ID of a web server.

SSL is simply a protocol that enables secure communications online. It was originally developed in 1994. Since its introduction, there have been different, more improved SSL products. TLS is the latest ‘version’ of SSL.

Aside from HTTPS, TLS/SSL can be utilized in order to secure other app-specific protocols. Namely, these are; SMTP, FTP, XMPP, and NNTP.

What is TLS, and is it the same as SSL?

Short for Transport Layer Security, TLS is essentially the successor of SSL, yet it is more secure. Despite SSL now having a successor, and because it is still one of the most popular protocols online, using either SSL or TLS are generally regarded as one of the same.

For many years, HTTPS used SSL as its standard protocol. However, there is now a newer version of SSL, which is called TLS. They are quite similar in many respects; but essentially, TLS is the upgraded version of SSL. If you buy an SSL certificate online from a trusted provider, you will most likely get an SSL/TLS certificate.

TLS was actually first introduced in 1999, and it was based on SSL 3.0. TLS is already at 1.2, with version 1.3 currently in development.
In summary, there aren’t a lot of differences between SSL and TLS. However, where your server configs are concerned, switching from SSL to TLS could prove invaluable, and be the decided differentiator for browser security alerts, outdated cipher suites, and network vulnerabilities. In short, for your servers, you need to have TLS Protocols switched on!

SSL Vs TLS

Both TLS and SSL are cryptographic protocols responsible for encryption and authentication between various elements that operate on a network; such as, applications, servers, and machines.

TLS supersedes, and as such, it is considered to be more secure. Despite newer versions of SSL being released in order to address specific weaknesses that came to light, along with addressing the growing demands to be able to support more robust algorithms and cipher suites.

Do I need to change from SSL to TLS?

There is no need to be concerned at present with needing to upgrade your SSL certificates. Remember that your certificates are not specifically dependant on any protocols. The specific protocol that is used is actually determined by the configuration of your server, and not the certificate itself.

Summary

HTTPS and SSL are intrinsically connected. HTTP and HTTPS are communication protocols, and SSL/TLS are the means by which those communication channels are secured. Most people who use a modern SSL certificate will also benefit TSL, as long as their servers have been configured correctly to accept this new protocol.