latest update

Important Google SSL Policy updates for securing your websites over HTTPS

Dear Clients,

Throughout the past year Google has been advocating for a secured content delivery on the websites on SSL/TLS i.e. over HTTPS instead of plain HTTP protocol. We had informed earlier about the upcoming policy of Google where the websites collecting personal information, financial details or passwords were marked "Non Secure" on Google Chrome browser if they were not accessed over HTTPS. We were expecting similar notifications and security measures for other websites and browsers coming shortly.

You may refer to the earlier article here for details: https://helpdesk.technodg.com/announcements-view.php?id=218

Today, this is to inform you that post June 2018, the visitors accessing any websites over HTTP will also be warned with the "Non Secure" warning at the address bar of Google Chrome. So, all websites and web pages will be marked as unsafe by Google Chrome if not delivered over TLS. This is a push from Google to make more websites implement encryption and to better protect end users.

What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users' connection to your website, regardless of the content on the site.

HTTPS encryption protects the channel between your browser and the website you're visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

1. Encryption — encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can "listen" to their conversations, track their activities across multiple pages, or steal their information.
2. Data integrity — data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
3. Authentication — proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

What is SSL/TLS protocol?

The TLS protocol is at the heart of how the internet is secured, but in the past 20+ years since its inception, it has by no means remained static. What began as SSL has evolved through several TLS versions, each one adding new cryptographic techniques and enhancing performance. When using TLS, servers and clients negotiate exactly how to speak TLS to one another, including the version of the protocol and the underlying ciphers.

When a SSL policy is created, two things are specified:

• A minimum TLS version: Setting this to 1.1, for example, means that the TLS proxy server load balancer will only negotiate TLS with clients that support TLS version 1.1 or newer.
• A profile of features: This selects the set of cipher suites that the TLS proxy server load balancer can use.

By default, HTTPS load balancing and SSL proxy load balancing use a set of SSL features that provides good security and wide compatibility. Some applications require more control over which SSL versions and ciphers are used for their HTTPS or SSL connections. You can define SSL policies to control the features of SSL that your load balancer negotiates.

Why do I need it?

Google Chrome is now the most popular browser and is always gaining market share. The current statistics (published by StatCounter) show that up to 67% of desktop and up to 52% of mobile website visits come from Google Chrome browsers only. With the next 3 biggest desktop browsers Internet Explorer, Firefox and Safari not even making a combined 25% of the market share.

The second popular desktop browser, Mozilla Firefox, which claims over 11% of the market share has also announced plans of marking the "Non Secure" websites accessed over HTTP.

Therefore, it is of utmost importance to make your website marketable on the top internet browsers. Other browsers shall also follow and update their policies accordingly to secure their users and enhance their credibility.

Secure your website today!

In response to the above, TechnoDG would be happy to assist you in purchasing and installing SSL certificates onto your website for you to fully secure them as per the upcoming SSL policies. This would ensure that your website visitors are assured of their personal data being secured properly over HTTPS while browsing and transacting on your website.

Please get in touch with your SSL related requirements so that we may guide you accordingly.