Secure Sockets Layer, commonly referred to as SSL, is the technology that establishes an encrypted connection between a web browser and a web server, creating a secure path to transfer information. SSL encryption enables secure communication over the internet.
Where Did SSL Come From?
In the beginning of the world wide web, all data was transmitted as plain text. If someone was able to position themselves between the browser and server, all of the information that was being transferred over that connection could be seen and read by the third party. In order for the internet to become a catalyst for commerce and communication of sensitive data, securing private information would be critical to the web’s ability to function as a tool for business and government. Enter SSL.
In 1994, Netscape’s parent released an SSL-enabled browser and web server called the Netsite commerce web server, satisfying a growing demand for securing browser communications. Since then, SSL has achieved widespread adoption and exponential gains in encryption strength.
Beyond securing website communication, the design of SSL also allowed it to be be adapted to all kinds of applications and protocols. FTP, Email, Instant Messaging and Voice Over IP (VOIP) protocols could all be encrypted and protected by Secure Sockets Layer technology.
More recently, by adding TLS (Transport Layer Security) we are able to turn insecure HTTP into secure HTTPS, adding a layer of security and privacy to web browsing and email communications.
When Should You Use SSL on Your Website(s) and Services?
All the time.
Originally, due in part to the cost of SSL certificates and implementation, the need for a dedicated IP address, and slower data transfer, SSL was reserved for situations where payment or personally identifiable information (PII) was being transmitted, or when regulatory compliance was required. However, with the recent advent of free SSL services like LetsEncrypt, the barrier to implementing SSL encryption for all of your website and email communication is significantly lower, and highly recommended.
Some examples where SSL encryption is absolutely necessary include:
- PCI compliance for processing credit card payments
- HIPAA compliance for medical communication
- SEC compliance for financial firms
- PII data submissions like web forms
- Username/Password submissions
What Are the Benefits of Running My Entire Website over SSL?
Even if your website is not handling credit card payments, communicating personally identifiable information, or bound to any regulatory compliance, running all of your connections securely over HTTPS still provides benefits. Some of these benefits include:
- Improving your search engine rankings (Google prefers to serve secure HTTPS content)
- Showing users that you value the security of their information
- Participating in creating an encrypted, more secure, and more private internet