Skip to content


A Step Towards a Secure Internet: Google Developers Make Progress with SSL False Start

Chrome_and_Chromium_150x150.jpgSecuring the Internet is no easy task but Google researchers think they have taken a step closer this week with a program called SSL False Start that decreases the load time of SSL connections up to 30%.

Secure Sockets Layer (SSL) is a certification that encrypts data between an end-users’ browser and the server. It is a headache to implement and increases connection latency and only a few of the major sites on the Web have instituted “always on” SSL/TLS protection on top of HTTP to create the more secure HTTPS. While SSL False Start is a good step in creating a safer Internet, it is not the cure for all SSL woes. But, it does look like a step in the right direction.

Sponsor

Google developers wrote on the Chromium Blog; “We implemented SSL False Start in Chrome 9, and the results are stunning, yielding a significant decrease in overall SSL connection setup times. SSL False Start reduces the latency of a SSL handshake by 30%.”

The developers were concerned that False Start would not be backwards compatible and that if it “user experience for even a small fraction of users, the optimization is non-deployable.” So, they tested it out by finding every site that uses HTTPS in Google’s index and it came away with a 94.6% success rate, with 5% timing out and .4% failing. The time outs turned up as sites that were no longer in service. The developers contacted the domains that failed and said that most have fixed the issue that made False Start fail. The list of sites that are not compatible with False Start is located in the Chromium source code.

The Electronic Frontier Foundation and Access have teamed up on a campaign called “HTTPS Now” that aims to secure the Internet. Yet, with SSL and encryption still a messy and expensive process, it could be a while before the EFF reaches its goal.

“There is no consistent library for implementing SSL in the browser,” said Tom Bridge, a partner at Technolutionary, a technical services firm. “Firefox, Safari, IE, Chrome, they all use different processes for handling the SSL handshake. Encryption is still a heavy-math process, something that requires both RAM and processor time.”

After some high profile hacks, including Mark Zuckerberg’s own profile, Twitter and Facebook have offered options in profile settings to always use HTTPS. Most of the major email clients use HTTPS as well.

Discuss


Posted in General, Technology, Web.

Tagged with .


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.