How much is your SSL costing you?

SSL Performance
HTTPS isn’t what it used to be. It’s faster, more secure, and used by more websites than ever before. SSL enables HTTP/2, which has the potential to make websites up to two times faster with no changes to existing codebases. Modern TLS also includes performance-oriented features like session resumption, OCSP stapling, and elliptic curve cryptography that uses smaller keys (resulting in a faster handshake). TLS 1.3 reduces latency even further and removes insecure features of TLS making HTTPS more secure and performant than any previous version of TLS and its non-secure counterpart, HTTP.

Cloudflare has even worked to improve the performance of OpenSSL. We implemented ChaCha20-Poly1305, a cipher suite that runs three times faster than AES-128-GCM on mobile devices. We care about performance.

Beware - they are FREE SELF SIGNED SSL Certificates.
These are at the very bottom of the heap of Trustworthy Certificates.
It will not be long before Google and others single out these types of certificates also.

Let’s Encrypt ARE NOT self-signed certificates.
They are a fully recognized trusted Certificate Authority that’s accepted by all browsers. Their certificates are identical to paid certificates. Browsers will not accept “self-signed” certificates.

Check out the Let’s Encrypt website before you buy one of those paid certificates, just look at some of their sponsors:

  • Google
  • Mozilla (Firefox)
  • Facebook
  • Cisco
  • Shopify
  • GitHub

Did you notice Google is a sponsor? I would sure like to know what heap you are looking at? What type of certificate would they “single out”?
Do you understand the different levels of SSL certificates like EV SSL, OV SSL, DV SSL and multi-DV SSL?

6 Likes

Hi Brad, would you mind sharing the sources that you base this on? As far as I know Let’s Encrypt certs are not self signed and “bottom of the heap”. They are respected and accepted by every browser. Their donors and sponsors include virtually all major internet companies. That’s why many web hosters now have them integrated into their systems. There is more information at https://letsencrypt.org

1 Like

I use DreamHost for most of my sites - one of the main reasons I switched from GoDaddy was the availability of Let’s Encrypt. ALL of my sites now display the green padlock - and I can attest they are absolutely accepted by every browser.

As an aside, I replied to a Tweet a few days ago sent out by a Rw developer who mentioned GoDaddy. In my reply, I stated that as much as I liked GD (they had ZERO downtime and I never, ever ran into an issue with bandwidth or storage limits – issues I experienced with my in-between host), I switched due to Let’s Encrypt. To my surprise, the CEO of GD actually replied. He stated that although he was surprised their lack of offering Let’s Encrypt drove me away, he wished me well. I think he’s wrong, though - I do think more and more web developers are looking to companies that offer them. And, that’s a good thing for us and for visitors to more secure sites.

I should add that once a Let’s Encrypt certificate is added to a DreamHost site, they (DH) immediately put a SELF SIGNED certificate in place. This is automatically replaced by a Let’s Encrypt certificate - usually within just a few minutes. If you happen to check your site during the switch-over, not all browsers will accept the SELF SIGNED certificate. But, check back in ten minutes, and all is good.

No modern browsers will accept a self-signed certificate without warning at minimum. On Mac OS X the “Certificate Authorities” that are allowed have a root certificate installed on your keychain. You can use Keychain to generate self-signed certificates. However, no one else will allow them, unless they install a root certificate on their system.

Let’s Encrypt certificates are issued by the Internet Security Research Group (ISRG). You can look at your Keychain app on a Mac and search under “System Root” for ISRG, and you will find a root certificate:

As for hosting companies like GoDaddy, the only thing they care about is the bottom line. They don’t offer Let’s Encrypt because it would cut into the sales of paid certificates.
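As an added example (not part of the original posts), this script reproduces the distinction discussed in the thread: a self-signed certificate is rejected unless it is itself installed as a root, while a certificate issued by a CA verifies against a store holding that CA's root. It assumes the `openssl` CLI is installed; the private "Demo Root CA" stands in for a publicly trusted root, and all names are constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: every name below (Demo Root CA, site.example, ...) is made up.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Self-signed certificate: its own key signs it, so issuer == subject.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=selfsigned.example" \
  -keyout "$work/self.key" -out "$work/self.crt" 2>/dev/null

# Private root CA, standing in for a root that ships in the system trust store.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
  -keyout "$work/root.key" -out "$work/root.crt" 2>/dev/null

# Leaf certificate issued by that root (the CA-issued case).
openssl req -newkey rsa:2048 -nodes -subj "/CN=site.example" \
  -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/root.crt" -CAkey "$work/root.key" \
  -CAcreateserial -days 1 -out "$work/leaf.crt" 2>/dev/null

# name_of FIELD CERT: print the subject or issuer name of CERT.
name_of() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"; }

# is_self_signed CERT: issuer and subject match and the cert's own key verifies it.
is_self_signed() {
  [ "$(name_of subject "$1")" = "$(name_of issuer "$1")" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# trusted_by STORE CERT: CERT chains to a root in STORE (a PEM bundle of roots).
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

report() {  # report LABEL CERT STORE
  local kind=CA-issued verdict=REJECTED
  if is_self_signed "$2"; then kind=self-signed; fi
  if trusted_by "$3" "$2"; then verdict=accepted; fi
  printf '%-34s %-12s %s\n' "$1" "$kind" "$verdict"
}

report "leaf vs. store with demo root"   "$work/leaf.crt" "$work/root.crt"
report "self-signed vs. same store"      "$work/self.crt" "$work/root.crt"
report "self-signed, installed as root"  "$work/self.crt" "$work/self.crt"
```

To inspect a live site during a certificate switch-over, the same `is_self_signed` check can be pointed at a certificate saved from `openssl s_client -connect host:443 -servername host`.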

Thanks Doug. I added that because I thought that perhaps someone had added a Let’s Encrypt certificate to their website and then checked it before the LE was actually added. With DreamHost, at least, the Self Signed certificate is only in place temporarily - perhaps ten minutes or so.

I also totally agree about GoDaddy caring most about their bottom line. But they do, without question, offer incredible up-time, prices, and state-side customer service. I have clients who host(ed) their sites on companies that include a small hosting company, GoDaddy, A2, DreamHost, and Dotster. Of all of my sites - the only ones that never go down are the ones on GD. That said, the lack of Let’s Encrypt is a deal-killer…and I’ve gotten all but one to move to DreamHost or A2. I’m a firm believer in Let’s Encrypt.

Consider yourself lucky! I know a couple of full time website developers that are migrating away from GoDaddy because Uptrends is reporting poorly on both uptime and page load time. That’s here in their home town, Scottsdale.

GoDaddy to me uses basically a bait and switch marketing. They sell cheap registration (largest registrar in the world) web hosting, then as soon as you need anything a real site needs you need to upgrade services or buy addons. How many web hosting companies do you know that run ads during the Super Bowl or sponsored NASCAR teams?
