Pros And Cons Of SSL / HTTPS / TLS

Pros and Cons of SSL
Pros and Cons of SSL

When it comes to the pros and cons of implementing SSL on your web server, there are real disadvantages as well as those that are merely myths. We’re going to break it down and give you the information you need to know to make an informed decision.

Taking security seriously is more important than ever when it comes to doing business online – even if you’re a publisher and not selling any physical goods or services. We got the idea for this post after seeing one over at the Nexcess blog. This is our own take on the SSL debate.

Disadvantages of SSL

As we already mentioned, it’s important to know what are actual disadvantages when it comes to SSL.

  • Cost of Certificate – It is possible to get a free SSL certificate, but this isn’t recommended for a lot of reasons. Depending on the type of cert you buy, the price will vary quite a bit. However, when you consider the added level of security, the cost isn’t really prohibitive for most websites.
  • Mixed Modes – If your SSL implementation isn’t setup correctly and you still have some files being served via HTTP rather than HTTPS, visitors are going to get a warning message in their browser letting them know some of the data isn’t protected. This can be confusing to some website visitors.
  • Proxy Caching – Another possible problem is if you have a complex proxy caching system setup on your web server. Encrypted content isn’t going to be able to be cached. To get around this, you need to add a server to handle the encryption before it gets to the caching server. This will require additional costs, but it’s a good way to make sure you’re encrypting your visitors’ data when they’re accessing your website.
  • Mobile – When SSL was first implemented, it was meant for web based applications. While the ability to go beyond HTTPS has come a long way in the last few years, it can sometimes be a pain to setup and might require changes to in-house software or buying additional modules from application vendors. Still, for everything that is on the web or accessible via a web browser, SSL / TLS is definitely the way to go. (Steve Taylor and Joanie Wexler at Network World had an article with more information on this.)

As you can see, there are a few things you need to think about before setting up SSL, but in most cases the “problems” aren’t that hard to get around or figure out.

Advantages of Implementing HTTPS

Next, we’re going to take a look at some of the major advantages of using SSL / TLS on your web server(s). When set-up the right way, using HTTPS can secure data being entered by your website users so that it can’t be read by third parties. Here are the major pros to using SSL.

  • Trust – If you get an EV certificate that shows the green address bar in the browser, you’re going to be giving your visitors a sense of trust. And when they know you’re taking their security seriously, they’re going to be appreciative.
  • Verification – One of the best things about installing an SSL certificate on your server is that it guarantees your visitors you really are who you say you are. This is important when trying to do business online.
  • Integrity of Data – Additionally, with SSL, you can guarantee integrity of data. For example, without SSL, it’s possible to not only intercept data going to and from the web server, but to change it as well!
  • Google and SEO – Last but not least, you have to take into consideration the recent announcements by Google that they’re going to be using whether or not a server uses SSL as a ranking signal.

Myths About SSL / TLS

For one reason or another, a lot of rumors and myths about TLS / HTTPS are online. Here’s a look at some of the FALSE disadvantages that aren’t really a problem.

  • Resource Hog – When setup correctly, SSL is not going to eat up all your server resources. While this may have been true ten years ago or more, this isn’t the case these days on most modern servers.
  • Latencies – Another problem people worry about needlessly is that setting up SSL on their server will cause all of their web pages to load slower in browsers when people view them. Just like the last point, this just isn’t the case.
  • Cache Problems – In the past SSL could cause problems if you had a system of caching setup on your web server, but this isn’t the case for most servers these days. That said, Internet Explorer 6 may still have problems.
  • Scary Warning Messages – Another thing that’s not really a problem is the myth that installing an SSL certificate will lead to a lot of scary error and warning messages. This is only true if you don’t set it up correctly, and it’s really not that difficult to be honest. (A post at StackExchange has more about this and other myths.)

Is SSL/TLS Really a Necessity?

Looking at the information above, it’s pretty evident that SSL comes with a lot of advantages and not so many disadvantages. If you haven’t setup your web server to use HTTPS already, you need to get started. We have some great guides and FAQs on this website that will help you get everything going correctly. Or you can reach out to us and see if we can help, including giving you an idea of what type of SSL certificate you need.

And if you see anything missing from our lists above, please leave us a comment and let us know. We love to hear from all our readers – especially when they’re adding relevant information to the conversation. When it comes to using HTTPS, there’s a lot of misinformation and myths floating around the internet. Part of our job on this site is to make sure you know what’s real and what’s just made up. Thanks for reading!