HTTP2 & SSL
what do you need to know
about http2 and ssl?
If you own a website then Cyber security is a serious business for you. Nowadays we share so much of our private information online that, whether we’re sending an email or doing our online banking, it’s never been as important to know that the page we’re on is secure. The first sign of this is often indicated by that wonderful green padlock in the address bar of the browser, but what about when a page isn’t secure – would you notice? There are some changes afoot in browsers that will help you find out how secure you are, and there are some steps you can take to make sure that your customers know your site is secure too.
Just recently both Firefox version 51 and Chrome version 56 will start showing warnings when websites served via HTTP – i.e. ones that aren’t using the secure HTTPS version – have a form on them. This means they will actively notify you when they aren’t secure but are asking for your information. The warning will show next to the URL address bar and is part of a long-term plan to show a warning on all pages that aren’t secured with HTTPS.
Until now, when you visited a website using HTTPS you would see a green padlock in the top left of the address bar, but the changes mean it will actually say when web pages collect passwords but don’t use HTTPS, flashing up with a ‘connection is not secure’ warning.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site.
Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.
All transferred data is safely encrypted and therefore makes no real sense to the web hacker as they do not have the key to decipher it.
This prevents your website from the so-called man in the middle attacks, when a hacker gets full access to the data transmitted between your site and customers, browsing it.
Data integrity is controlled, which means sensitive data cannot be modified in any way during the transfer and without being noticed.
A certificate guarantees the information a browser is receiving originates at the expected domain. It’s a guarantee that when a user sends sensitive data, it’s being sent to the right place.
That green padlock indicates that you take cyber security seriously and helps give users confidence in your website and handling of data.
It's no surprise that Google prefers sites that are trusted and certified. This is because users can be guaranteed that sites will encrypt their information for further security.
Your next step?
Unfortunately, while an SSL looks set to be an essential protocol for websites going forward, implementing and setting up a secure sockets layer can sometimes be time consuming, confusing, and downright frustrating. This is especially true given the recent changes to Google’s certificate transparency logs, which maintain a list of all publicly-issued certificates and identify fakes and frauds.
If your website gathers any sort of personal data from users, such as names, addresses, or financial details, then it’s time to call in the experts.