amuck-landowner

When should you use SSL?

Nerdie

New Member
Verified Provider
If you can deal with the cost and complexity of running SSL, by all means, do it for everything.

I 100% agree with this. You can get an SSL as cheap as $7. You should always use an SSL if you can.
 

joepie91

New Member
@joepie91


If you look in the right place you can get one for less than $5 a year.


If you are running a web server manually, i assume you have a grasp of the configuration. Adding SSL support only requires 2-3 lines of code. If you want a better cipher strength you don't have to do a lot of research, just add the recommendations by ssllabs or mozilla. If you are using a panel like cpanel its point and click.


In the website section you just have to make sure all the internal and external resources are loaded over https 

$5/year for a rubber stamp is a significant cost if you run many non-commercial projects. It gets far more expensive if you need eg. a wildcard certificate for dealing with subdomains.


As for complexity, you are overlooking many aspects of SSL/TLS configuration (think HSTS and HPKP, for example, as well as the decisions what SSL/TLS versions to support).
 
Last edited by a moderator:

graeme

Active Member
Its more than adding two lines of code - you have to generate a CSR, jump through some verification hoops (usually just email - but some small site domains may not have email set up at all), and so on, upload and download files etc.

I think that is what Let’s Encrypt is changing. StartSSL has offered free SSL certs for a while now, but Let’s Encrypt makes the process a lot easier.
 

HN-Matt

New Member
Verified Provider
These may be helpful:

https://www.eff.org/deeplinks/2011/10/how-secure-https-today
http://www.sott.net/article/275524-Why-HTTPS-and-SSL-are-not-as-secure-as-you-think

In this day and age of well-known NSA spying, everyone keeps saying that the only way to be safe is to use SSL/TLS, commonly known as "browsing with https://".


The sad reality is that HTTPS does virtually nothing to protect you from the prying eyes of alphabet soup agencies - or anybody else with enough knowledge about how these supposedly "secure" connections actually work.


It's true that connecting to web sites with SSL will certainly prevent "script kiddies" and other more winky opponents from eavesdropping on your surfing or otherwise interfering in your affairs. But as for the Real Bad Guys, forget it...

We shall begin by taking a brief dive down the rabbit hole of SSL, hopefully in a way that will make sense to even the least technically inclined among us.

tl;dr abolish Certificate Authorities or bust. The Entire Concept is as rotten to the core as the x86 apple of the Internet's 13 Root Name Servers' eyes... but you already knew that so just install an SSL cert or whatever.



P.S. Obligatory 'controversial alternative': https://github.com/okTurtles/dnschain
P.P.S. Before joining the 'Lets Encrypt' progression toward utopia, you may want to know that its installation process requires connecting to pypi.python.org.
 
Last edited by a moderator:

ioZoom

New Member
Verified Provider
When do you need to use it? What if your site isn't public facing is there any benefit in having an SSL?

Whenever you do any type of ecommerce on the internet and need to encrypt sensitive information such as customer data. You wouldn't even be able to get a merchant account with SSL on your site. If your site isn't open to the public than I really don't see any point in having SSL.
 

wlanboy

Content Contributer
When should you use SSL?

  • To secure from data (logins, emails) - plain text is a bad idea.
  • To give the user the possibility to identify the server

I don't use crypt a lot but signing is a must. Why?
Because crypt is to secure that only the receipiant can read the message but signing is used to ensure from whom the message was sent. All about identity management.
 

HN-Matt

New Member
Verified Provider
At least the default *.pem and *.key values in services like nginx and postfix are set to 'snakeoil'.

Dunno, SS* comes off as a tired old confidence trick to me. Guess it's probably more of a structural problem than anything.
 
Last edited by a moderator:

CenTex Hosting

Member
Verified Provider
if you are going to buy something online I think its a given you have to do it from a provider that has SSL on their site. Depending on what you are looking to buy then I look to see if they have the Green address bar.


A company that is selling online that doesn't have an SSL or an EV Ssl tells me they don't really care about security or that they are not planning on being around long enough for it to really matter. IMO
 

Stevensst

New Member
You will look more "trustworthy" by the green ssl sign to your customers. Also it helps you google rank now as they now count ssl in their algorithms.


And obviously if you store customers's data or do online transactions, then SSL is compulsary.
 

PowerUpHosting-Udit

New Member
Verified Provider
You will look more "trustworthy" by the green ssl sign to your customers. Also it helps you google rank now as they now count ssl in their algorithms.


And obviously if you store customers's data or do online transactions, then SSL is compulsary.

The Green SSL or EV SSLs are costly and can go upto $150/year or even above. These SSLs acts and converts a lot better and builds a better trust as compared to those normal SSLs
 

HN-Matt

New Member
Verified Provider
if you are going to buy something online I think its a given you have to do it from a provider that has SSL on their site. Depending on what you are looking to buy then I look to see if they have the Green address bar.


A company that is selling online that doesn't have an SSL or an EV Ssl tells me they don't really care about security or that they are not planning on being around long enough for it to really matter. IMO

I remember last year when some of the leading Binary Options brokers weren't even bothering with SSL certs, and these are websites asking for credit card details with a minimum deposit of $250. Seemed kind of hilarious, but apparently had no detrimental effect on their businesses.
 

DMMediaLtd

New Member
Verified Provider
Just a hint if you plan to use a CDN at all SSL mite not be the best answer (it can get expensive to add SSL to CDN content)
 

Gustavo

New Member
Verified Provider
If you have e-commerce industry and If you’re serious about doing business online, you need SSL. 
 

graeme

Active Member
Not sure if it is true for VPS businesses, which have a relatively sophisticated customers, but in most businesses you will scare off more customers by having SSL issues (self signed SSL, certificate authorities that are not recognised by all browsers, and an awful lot of things that can go wrong with SSL).

As @HN-Matt says, most people do not notice when you do not have SSL when you should have.
 
Last edited by a moderator:

VPSclub

New Member
If your project involves monetary transactions, or storing user's information, you should go for SSL. It increases the trust of your customers/visitors. If not, there is no need for it.


In case you want that green lock on your site, just because it looks good, try getting free SSL from cloudflare, startssl etc.
 

Localnode

New Member
Verified Provider
The Green SSL or EV SSLs are costly and can go upto $150/year or even above. These SSLs acts and converts a lot better and builds a better trust as compared to those normal SSLs

I got my Comodo EV for $99 per year direct. Not sure how long the offer will last, but still.
Mind you, I looked at all EV providers and chose Comodo over Geotrust not because of the price.

Just a hint if you plan to use a CDN at all SSL mite not be the best answer (it can get expensive to add SSL to CDN content)

There's a few CDN's that allow you to have your own custom SSL for no cost. KeyCDN and CDN77 are two that I know of.
 
Top
amuck-landowner