Two good reasons to use ssl today

If the increased need for privacy (especially in some countries) isn't enough to convince yourself that using SSL might be a good idea, even on non e-commerce websites. Then read on, i found to pretty good reasons that might make you change your mind...

1)I have read an article on SearchEngineLand in which they reported that on iOS6 Google doesn't send ANY referrer data to a website anymore: "Safari Shifts To Google Secure Search in iOS 6, Causing Search Referrer Data To Disappear. This behavior appeared with the release of iOS6, this is because on iOS6 the safari browser sends search queries made in the search box to the SSL encrypted version of Google. Google apparently doesn't send any referrer data to websites that are listed in the results but that don't use SSL. There is no explanation why no referrer data is passed at all. But the reason they query terms doesn't get passed from SSL google to a non SSL website is clear. If the wants to use the SSL version of google search, to search for something, its probably because of privacy concerns. It would be paradoxical if google would send the keywords of the user search to a not SSL encrypted website and allow a spy to get the keywords he was unable to get on the SSL encrypted Google search website, on that non SSL website the user was redirected to. The website reached through SSL Google could maybe use the referrer data and pass this data to it's statistics tool over a non secure connection or maybe display the search query terms coming from google on a page of its non encrypted website. The spy that was unable to get the search term on google could then get the query term on that website and therefore make SSL google searches useless.

If you want google to send you the all the referrer data, you need to ensure that your website by default serves encrypted pages. This means that google should only index the SSL encrypted version of your URLs and therefore redirect the user to those encrypted pages. If your server only redirects to an SSL version of your pages in some situations, for example after a use logged in, this still won't make google send you the referrer data.

Why is referrer data important and therefore SSL. Because without any referrer data your statistics software won't be able to know if the user typed in the url of your page in his browser address bar (direct access to your page) or got redirected to that page after it made a search on a search website. The source of the hit will therefore be unknown for you. So if you want to get all the referrer data from google (from users that used the iOS6 safari search bar), ensure that your server serves content is served using SSL by default.

2)Because it will make your website faster! How is that? Maybe you heard in the past that SSL may slow down websites because the server needs to encrypt the content using your certificate data before it can send the data to the user. This is right, pages served with SSL enabled will need more server power then non-SSL pages. This is because your server processors will have to work more. In the past website owners didn't like to use SSL because it used Processor performance, this is still true but today it's not really a problem anymore. Performance does not decrease a lot anymore with modern SSL tools like openssl. Your processor, i'm pretty sure, will be able to handle the increased workload without problems if you use SSL software that is up to date and you own a server that isn't older then several years.

But still SSL pages will slow down your server, so how can SSL make my website faster? The trick is to use the new google SPDY protocol to serve your pages. If you want to use Spdy, you will have to have an SSL certificate and serve pages using SSL. The big advantage of using SPDY, is that all the files of your webpage can be served simultaneously at once. With HTTP 1.0/1.1 your browser will only be able to get 3 files at once from a single domain. I know there is a trick if you want to serve more then three files at once even without SPDY. You can serve files from different domains or sub-domains helps to increase the amount of simultaneous downloads, because the limit is based on domains. But it's lot of work having different domains for every third file, especially if every webpage you serve uses several dozen files. With the SPDY protocol all your files will get served at once, altogether even if they are hosted on the same domain. Try out loading pages with SPDY enabled and disabled, you will notice that when using Google Chrome inspector and looking at the NetWork tab or using Firefox and Firebug that pages will load faster when SPDY is enabled because all the files get downloaded together.

SPDY does not work with every browser an can't be used on every server but (most of them) some do. Hopefully more servers and browser will support SPDY.

First, the clients that support SPDY today are: the newest versions of Firefox (11+) and Chrome (Chromium) have SPDY support. So users using one of those two browser will benefit from SPDY.

Second the servers that have SPDY modules are: Apache and Nginx, so around 70% of all servers. Apache 2.2 has a SPDY module and Nginx has a SPDY patch that is available for the 1.3 development branch.

search SPDY iOS SSL


 ______    _    _                ___    
|      \\ | || | ||   ____      / _ \\  
|  --  // | || | ||  |    \\   | / \ || 
|  --  \\ | \\_/ ||  | [] ||   | \_/ || 
|______//  \____//   |  __//    \___//  
`------`    `---`    |_|`-`     `---`